28 matches found
CVE-2026-22484
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
EUVD-2026-15489
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
CVE-2026-22484
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
CVE-2026-22484 WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
CVE-2026-22484
CVE-2026-22484 is a SQL Injection in the WordPress Lisfinity Core plugin (versions n/a through <= 1.5.0). The issue is described as improper neutralization of elements used in SQL commands, enabling SQL Injection against Lisfinity Core. Public sources (NVD, Red Hat security, EUVD/ENISA, CVE li...
CVE-2026-22484 WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
WordPress plugin Lisfinity Core SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27813
Name of the Vulnerable Software and Affected Versions Lisfinity Core versions n/a through 1.5.0 Description A flaw exists in pebas Lisfinity Core lisfinity-core that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The issue affects...
WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lisfinity Core versions = 1.5.0...
WordPress Lisfinity Core plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
CVE-2025-6042
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
CVE-2025-6042
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
CVE-2025-6042 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
CVE-2025-6042
CVE-2025-6042 is a privilege-escalation vulnerability in the WordPress plugin Lisfinity Core (for pebas Lisfinity WordPress theme). Affected: all versions up to and including 1.4.0. Root cause: the plugin assigns the editor role by default and does not restrict API usage, enabling privilege escal...
EUVD-2025-34512
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
CVE-2025-6042 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
WordPress Lisfinity Core plugin <= 1.4.0 - Unauthenticated Privilege Escalation to Editor vulnerability
Unauthenticated Privilege Escalation to Editor vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions = 1.4.0...
PT-2025-42236
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...
WordPress plugin Lisfinity Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
CVE-2025-6038
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...