Lucene search
K

2005 matches found

CVE
CVE
added 2025/12/05 9:27 a.m.20 views

CVE-2025-12851

CVE-2025-12851 affects the WordPress plugin My auctions allegro (through 3.6.32). The issue is an Unauthenticated Local File Inclusion via the controller parameter, enabling inclusion and execution of PHP files on the server and potentially bypassing access controls or achieving code execution. A...

8.1CVSS7AI score0.00678EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/04 8:43 p.m.4 views

CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

9.3CVSS7.6AI score0.00522EPSS
Exploits0References5
NVD
NVD
added 2025/11/05 12:15 p.m.6 views

CVE-2025-12497

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'argsextratemplatepath' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

8.1CVSS0.00606EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/02 2:55 a.m.18 views

CVE-2025-11920

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS7.1AI score0.00535EPSS
Exploits0References1
NVD
NVD
added 2025/11/01 2:15 a.m.39 views

CVE-2025-11920

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

8.8CVSS0.00535EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/15 8:25 a.m.5 views

EUVD-2025-34556

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS6.6AI score0.00576EPSS
Exploits0References4
CVE
CVE
added 2025/10/15 2:26 a.m.19 views

CVE-2025-11746

CVE-2025-11746 is an authenticated Local File Inclusion vulnerability affecting the WordPress XStore/Multi-purpose WooCommerce Theme (versions <= 9.5.4). Exploitation via theet_ajax_required_plugins_popup() enables an attacker with Subscriber+ privileges to include and execute arbitrary PHP co...

8.8CVSS6.8AI score0.00673EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

WordPress plugin XStore 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

8.8CVSS6.5AI score0.00673EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 6:20 a.m.5 views

CVE-2025-7634

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS7.3AI score0.00751EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/09 5:23 a.m.3 views

CVE-2025-7634 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

9.8CVSS6.9AI score0.00751EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-6516

Malware in sbrugna...

7.5CVSS6.4AI score0.0684EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20771

Malware in sbrugna...

9.8CVSS9.5AI score0.01489EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-9381

Malware in sbrugna...

7.5CVSS6.4AI score0.4334EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-8917

Malware in sbrugna...

8.8CVSS8.8AI score0.03074EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1598

Malware in sbrugna...

7.5CVSS6.4AI score0.03004EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2015-9393

Malware in sbrugna...

7.2CVSS6.4AI score0.01436EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-0867

Malware in sbrugna...

7.5CVSS6.4AI score0.02909EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-4790

Malware in sbrugna...

7.5CVSS6AI score0.01644EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7271

Malware in sbrugna...

9.8CVSS9.2AI score0.03116EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1514

Malware in sbrugna...

7.5CVSS6.4AI score0.05786EPSS
Exploits2References6
Rows per page
Query Builder