CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions...
CVE-2026-39596
The CVE covers WordPress Blocksy Companion Pro plugin, vulnerable in versions
CVE-2026-39573
CVE-2026-39573 : Unauthenticated PHP Object Injection in WordPress Mildhill theme <= 1.5. Affected component: Mildhill theme (WordPress). Root cause: PHP Object Injection vulnerability. Impact: high across confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/...
CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions...
CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions...
CVE-2026-39545
The CVE-2026-39545 entry affects the WordPress Zermatt theme (versions <= 1.6.1) and describes an unauthenticated PHP Object Injection vulnerability in Zermatt
CVE-2026-22340
CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme
CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions...
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions...
CVE-2026-22335
CVE-2026-22335 affects WordPress: WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....
CVE-2026-22332
CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions...
CVE-2025-69135
Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.
CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions...
CVE-2025-60205
The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version
CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions...
CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-12115
The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...
CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with network access to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration...
CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...