CVE-2026-25352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

CVE-2026-25352 WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

CVE-2026-25352

CVE-2026-25352 is a confirmed Reflected XSS in the WordPress theme MyDecor. Affected products: MyDecor versions prior to 1.5.9. The entry documents a reflected cross-site scripting flaw arising from improper input neutralization during web page generation, enabling a reflected payload to execute ...

WordPress plugin MyDecor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

PT-2026-27913

Name of the Vulnerable Software and Affected Versions skygroup MyDecor versions prior to 1.5.9 Description A flaw exists in skygroup MyDecor that allows for Reflected Cross-site Scripting XSS. This issue is due to improper handling of user-supplied input when generating web pages. Successful...

WordPress Speedup Optimization plugin <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'speedup01_enabled' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification via 'speedup01enabled' AJAX Action vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Speedup Optimization versions = 1.5.9...

EUVD-2026-13995

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...

CVE-2026-4127

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...

WordPress plugin Speedup Optimization 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MyDecor versions 1.5.9...

CVE-2025-69294

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-69322

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through 1.5.9...

CVE-2025-69294

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-69322

CVE-2025-69322 concerns the PeakShops WordPress theme (pre-1.5.9). It is a PHP Local File Inclusion due to improper handling of include/require filenames, enabling local file inclusion. Red Hat and NVD records corroborate the description; the issue affects PeakShops

PT-2026-21138

Name of the Vulnerable Software and Affected Versions fuelthemes PeakShops versions prior to 1.5.9 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion...

WordPress plugin PeakShops 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

PT-2026-6602

Name of the Vulnerable Software and Affected Versions ChestnutCMS versions prior to 1.5.9 Description An issue allows a remote attacker to execute arbitrary code via the template creation function. Recommendations Update to version 1.5.9 or later...

WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions = 1.5.9...

WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions 1.5.9...

CVE-2022-0753

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9...