WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions <= 1.4.7...
CVE-2025-0898 Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVG
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...
EUVD-2025-209964
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...
WordPress plugin Supsystic Membership SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Remove Add to Cart WooCommerce plugin <= 1.4.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Remove Add to Cart WooCommerce versions <= 1.4.7...
Security Bulletin: Dynamic XSS Vulnerability in GraphiQL via Malicious Schema Introspection Responses (Pre-v1.4.7) watsonx.data
Summary: All versions of GraphiQL before 1.4.7 are vulnerable to a dynamic XSS flaw triggered by malicious schema introspection responses or crafted type names, potentially allowing code injection during autocomplete—especially in custom setups where the schema endpoint can be user-controlled. Thi...
CVE-2026-32435
Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.7...
EUVD-2026-11957
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
CVE-2026-32426
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
CVE-2026-32435 WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.7...
CVE-2026-32426 WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
CVE-2026-32426
The CVE-2026-32426 entry describes a Local File Inclusion (LFI) vulnerability in the WordPress plugin Medilazar Core (themelexus) prior to version 1.4.7. The root cause is improper control of the filename for include/require in PHP, effectively enabling LFI. Affected software: Medilazar Core
PT-2026-25272
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion. This issue affects Medilazar Core: from n/a through 1.4.7...
PT-2026-25281
CVE-2026-32435 Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW … https://t.co/sqcz4h6GH8...
CVE-2026-22440
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree Thecs thecs allows Reflected XSS. This issue affects Thecs: from n/a through <= 1.4.7...
CVE-2026-2599
CVE-2026-2599: The WordPress plugin cluster “Database for Contact Form 7, WPforms, Elementor forms” is affected by an unauthenticated PHP Object Injection via deserialization in the download_csv function (vulnerable through 1.4.7). The vulnerability alone has no impact unless a PHP Object Payloa...