241 matches found
WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MaxiNet versions = 1.2.10...
UsersWP <= 1.2.10 - Unauthenticated SQL Injection
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...
CVE-2026-1540
The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...
PT-2026-29683
CVE-2026-1540 The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code… https://t.co/IMmhcpMAZ9...
EUVD-2026-15502
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...
CVE-2026-22496 WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...
CVE-2026-22496 WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...
CVE-2026-22496
CVE-2026-22496 is a local file inclusion (PHP) vulnerability in the WordPress Hypnotherapy theme (Hypnotherapy) up to version 1.2.10. The issue arises from improper control of filenames in include/require statements (PHP RFI). Affected installations could be exploited remotely via the plugin/them...
EUVD-2026-11965
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431 WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through = 1.2.10...
CVE-2026-32431
The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...
WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hypnotherapy versions = 1.2.10...
WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Astra Bulk Edit versions = 1.2.10...
CVE-2026-25422
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
CVE-2026-25422 WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
CVE-2026-25422 WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
CVE-2026-25422
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
PT-2026-20743
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
CVE-2026-25895
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched ...