Lucene search
K

7 matches found

NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39954

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.8 views

CVE-2026-12471

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.35 views

CVE-2026-12471 Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation

The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activateplugin function in all versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate a limited set o...

4.3CVSS0.00196EPSS
Exploits0References4
CVE
CVE
added 2026/06/27 6:50 a.m.10 views

CVE-2026-12471

The CVE concerns the Spexo WordPress theme. A missing capability check in the activate_plugin function affects all versions up to and including 2.0.11, allowing authenticated attackers with Subscriber-level access and above to activate a limited set of plugins. The information from connected docu...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.12 views

PT-2026-53055

Name of the Vulnerable Software and Affected Versions Spexo theme for WordPress versions prior to 2.0.12 Description Unauthorized access is possible due to a missing capability check in the activate plugin function. This allows authenticated users with Subscriber-level permissions or higher to...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References10
Patchstack
Patchstack
added 2025/01/24 10:31 p.m.6 views

WordPress Sastra Essential Addons for Elementor plugin <= 1.0.14 - Missing Authorization to Spexo Theme Install vulnerability

Missing Authorization to Spexo Theme Install vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.14...

4.3CVSS7AI score0.00237EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder