Untrusted Data Can Execute Malicious Code in Applay - Shortcodes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Untrusted Data Can Execute Malicious Code in Applay - Shortcodes

CVE-2026-22384

Summary

An attacker can inject malicious code into Applay - Shortcodes, which is a plugin used in the Applay platform. This could allow an attacker to take control of the system or steal sensitive information. Update to Applay - Shortcodes version 3.8 or later to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.

Original description

Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.

nvd CVSS3.1 8.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Plugin/applay-shortcodes/vulnerability...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026