39 matches found
EUVD-2026-9781
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion. This issue affects Little Birdies: from n/a through <= 1.3.16...
CVE-2026-28129 WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion. This issue affects Little Birdies: from n/a through <= 1.3.16...
WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Little Birdies versions <= 1.3.16...
WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Software: Diza; Type: Theme; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE ID: CVE-2025-68544; Patchstack priority: Low; CVSS severity: 7.5; Required privilege: Contributor; PSID: f639a1eb5493...
CVE-2025-14548
Summary (CVE-2025-14548) : The Calendar WordPress plugin is affected up to version 1.3.16. The vulnerability is a Stored Cross-Site Scripting (XSS) via the event_desc parameter caused by insufficient input sanitization and output escaping. The issue is exploitable by authenticated attackers with ...
EUVD-2025-27455
Malicious code in bioql PyPI...
CVE-2025-30875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS. This issue affects WP Weixin: from n/a through <= 1.3.16...
CVE-2025-30875
CVE-2025-30875 applies to WordPress plugin WP Weixin by Alexandre Froger, vulnerable to Stored XSS via improper input neutralization during web page generation. Affected: WP Weixin versions n/a through 1.3.16. CVSS v3.1 metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; base score 5.9 (Medium). Exploi...
CVE-2025-30875 WordPress WP Weixin plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS. This issue affects WP Weixin: from n/a through <= 1.3.16...
WordPress plugin WP Weixin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
PT-2025-36755
Name of the Vulnerable Software and Affected Versions: Alexandre Froger WP Weixin versions through 1.3.16. Description: The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Stored Cross-site Scripting (XSS). Recommendations: Update Alexandre Froger W...
CVE-2025-39451
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlocks For Elementor: from n/a through <= 1.3.16...
WordPress JetBlocks For Elementor plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin JetBlocks For Elementor versions <= 1.3.16...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices prior to version 1.3.16, which stems from a Blockchain Keystore containing an improperly...
WordPress TOP Table Of Contents Plugin <= 1.3.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: TOP Table Of Contents; Type: Plugin; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32110; Patch priority: Low; CVSS severity: Low (4.3); PSID: b11059e9c542; Credits: Dhabaleshwa...
WordPress Appointment Hour Booking Plugin < 1.3.16 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:dwbooster:appointmenthourbooking"; if(description)...
CVE-2021-24673 Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail. Announcement ID: openSUSE-SU-2021:1014-1; Rating: important; References: 1180399, 1187706, 1187707; Cross-References: CVE-2020-18670, CVE-2020-18671, CVE-2020-35730; CVSS scores: CVE-2020-18670 (NVD): 5.4...
OPENSUSE-SU-2021:0974-1 Security update for roundcubemail
This update for roundcubemail fixes the following issues: Upgrade to version 1.3.16. This is a security update to the LTS version 1.3. It fixes a recently reported stored cross-site scripting (XSS) vulnerability via HTML or plain text messages with malicious content. References: - CVE-2020-18670:...