CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

RedhatCVE•added 2026/01/23 9:16 p.m.•4 views

CVE-2025-67938

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue affects Biagiotti: from n/a through 3.5.2...

8.1CVSS5.5AI score0.00561EPSS

Exploits0References1

NVD•added 2026/01/22 5:16 p.m.•2 views

CVE-2025-67938

8.1CVSS0.00561EPSS

Exploits0References1

Vulnrichment•added 2026/01/22 4:51 p.m.•1 views

CVE-2025-67938 WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability

5.9AI score0.00561EPSS

Exploits0References1

Cvelist•added 2026/01/22 4:51 p.m.•16 views

CVE-2025-67938 WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability

8.1CVSS0.00561EPSS

Exploits0References1

ATTACKERKB•added 2026/01/22 4:51 p.m.•1 views

CVE-2025-67938

8.1CVSS5.4AI score0.00561EPSS

Exploits0References2

CVE•added 2026/01/22 4:51 p.m.•10 views

CVE-2025-67938

CVE-2025-67938 describes an unauthenticated Local File Inclusion in the WordPress theme Mikado-Themes Biagiotti, due to improper control of filenames for include/require in PHP (a PHP Remote File Inclusion condition). Affected software: Biagiotti versions before 3.5.2. Red Hat and CVE records cor...

8.1CVSS5.5AI score0.00561EPSS

Exploits0References1

Positive Technologies•added 2026/01/22 12:0 a.m.•5 views

PT-2026-4021

Name of the Vulnerable Software and Affected Versions Mikado-Themes Biagiotti versions prior to 3.5.2 Description A flaw exists in Mikado-Themes Biagiotti that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP...

5.4AI score0.00561EPSS

Exploits0References3

CNNVD•added 2026/01/22 12:0 a.m.•4 views

WordPress plugin Biagiotti has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.1CVSS5.8AI score0.00561EPSS

Exploits0References1

Patchstack•added 2026/01/15 12:34 p.m.•4 views

WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Biagiotti versions 3.5.2...

8.1CVSS7AI score0.00561EPSS

Exploits0Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-27025

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.0018EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-50744

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.00553EPSS

Exploits0References2

RedhatCVE•added 2025/09/07 7:14 p.m.•7 views

CVE-2025-9057

The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.1AI score0.0018EPSS

Exploits0References1

Patchstack•added 2025/09/05 10:59 p.m.•5 views

WordPress Biagiotti Core plugin <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Biagiotti Core versions = 2.1.3...

6.4CVSS5.5AI score0.0018EPSS

Exploits0References1Affected Software1

NVD•added 2025/09/05 7:15 p.m.•4 views

CVE-2025-9057

6.4CVSS0.0018EPSS

Exploits0References2

CVE•added 2025/09/05 6:23 p.m.•22 views

CVE-2025-9057

The CVE-2025-9057 entry concerns Biagiotti Core for WordPress, vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 2.1.3 due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Contributor+ permissions, who ...

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Vulnrichment•added 2025/09/05 6:23 p.m.•1 views

CVE-2025-9057 Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.0018EPSS

Exploits0References2

Cvelist•added 2025/09/05 6:23 p.m.•7 views

CVE-2025-9057 Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.0018EPSS

Exploits0References2

Positive Technologies•added 2025/09/05 12:0 a.m.•4 views

PT-2025-36323

Name of the Vulnerable Software and Affected Versions: Biagiotti Core plugin for WordPress versions prior to 2.1.4 Description: The Biagiotti Core plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcodes due to inadequate input sanitization and output escaping of...

6.4CVSS5.1AI score0.0018EPSS

Exploits0References6

CNNVD•added 2025/09/05 12:0 a.m.•1 views

WordPress plugin Biagiotti Core 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS5.7AI score0.0018EPSS

Exploits0References3

RedhatCVE•added 2025/02/05 10:22 a.m.•3 views

CVE-2024-12287

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as othe...

9.8CVSS9.5AI score0.00553EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by