WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download

Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers access arbitrary files on the server, exploit requires no specific privileges or user interaction. id: CVE-2025-47445 info: name: WordPress Eventin Themewinter ≤ 4.0.26 - Arbitrary File Download...

WordPress Eventin plugin <= 4.0.26 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by mikemyers in WordPress Plugin Eventin versions = 4.0.26...

EUVD-2024-28154

Malicious code in bioql PyPI...

CVE-2025-39476

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Revo revo allows PHP Local File Inclusion.This issue affects Revo: from n/a through = 4.0.26...

CVE-2025-39476 WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through 4.0.26...

WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Revo versions = 4.0.26...

CVE-2025-47539

Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...

EUVD-2025-28094

Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

CVE-2024-30197

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.0.26...

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-47445

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-30223

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26...

CVE-2024-30222

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26...

CVE-2024-30223

CVE-2024-30223 affects the WordPress ARMember plugin up to version 4.0.26, caused by unauthenticated PHP Object Injection via deserialization of untrusted input. Affected component: ARMember (WordPress plugin). Root cause: deserialization of untrusted data leading to PHP object injection. Impact ...

CVE-2024-30197

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26...

Cross-site Request Forgery (CSRF)

Overview com.liferay:com.liferay.layout.admin.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the pauth parameter. An attacker can intercept the CSRF token and perform unauthorized actions on behalf of the user by manipulati...

WordPress Multiple Vulnerabilities (Mar 2019) - Windows

WordPress is prone to a cross-site request forgery CSRF vulnerability in a comment form which leads to HTML injection and cross-site scripting XSS attacks. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...