291 matches found
CVE-2026-61970
Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...
CVE-2026-61970
The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are <= 5.0.4 (reported as from n/a through
CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-57431
The CVE-2026-57431 entry describes an Author Cross Site Scripting (XSS) vulnerability in the WordPress Featured Image plugin, affecting versions
CVE-2026-57431 WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
EUVD-2026-39739
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
CVE-2026-7859 affects the Motors WordPress plugin before 1.4.110. The vulnerability arises from missing proper authorisation and CSRF checks on an AJAX action, allowing unauthenticated attackers to modify arbitrary post metadata (e.g., gallery, featured image) and, on WooCommerce sites, product p...
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-10779
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
EUVD-2026-37978
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
CVE-2026-10779 Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
PT-2026-50830
Name of the Vulnerable Software and Affected Versions Classified Listing – Classified ads & Business Directory versions prior to 5.4.3 Description The plugin contains a missing authorization flaw in the gallery image update as feature AJAX handler action: rtcl fb gallery image update as feature...
CVE-2026-5077
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
CVE-2026-5077
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
EUVD-2026-26768
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...