Lucene search
61 matches found

CVE
added 2026/05/29 4:15 p.m. | 16 views

CVE-2026-10070

CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...

CVSS 5.8 | AI score 5.5 | EPSS 0.00218
Exploits 0 | References 5

Vulnrichment
added 2026/05/24 10:45 a.m. | 10 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

CVSS 6.5 | AI score 6.2 | EPSS 0.00252
Exploits 0 | References 4

Vulnrichment
added 2026/04/08 6:43 a.m. | 1 views

CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute

The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...

CVSS 6.4 | AI score 6 | EPSS 0.00302
Exploits 0 | References 9

Positive Technologies
added 2026/03/13 12:0 a.m. | 6 views

PT-2026-25250

Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through = 1.0.3...

CVSS 5.3 | AI score 5.8 | EPSS 0.00199
Exploits 0 | References 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23163

Name of the Vulnerable Software and Affected Versions: Mikado-Themes Malgré versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

AI score 5.8 | EPSS 0.00504
Exploits 0 | References 3

Positive Technologies
added 2026/02/20 12:0 a.m. | 5 views

PT-2026-21205

Name of the Vulnerable Software and Affected Versions: axiomthemes Photolia versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

CVSS 8.1 | AI score 5.4 | EPSS 0.00403
Exploits 0 | References 4

Positive Technologies
added 2026/02/04 12:0 a.m. | 30 views

PT-2026-5887

Name of the Vulnerable Software and Affected Versions: Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3. Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...

CVSS 5.3 | AI score 5.4 | EPSS 0.00282
Exploits 0 | References 5

RedhatCVE
added 2026/01/23 9:15 p.m. | 5 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through = 1.0.3...

CVSS 9.9 | AI score 5.4 | EPSS 0.00483
Exploits 0 | References 1

NVD
added 2026/01/22 5:15 p.m. | 4 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through = 1.0.3...

CVSS 9.9 | EPSS 0.00483
Exploits 0 | References 1

ATTACKERKB
added 2026/01/22 4:52 p.m. | 2 views

CVE-2025-68009

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 6.5 | AI score 5.3 | EPSS 0.00354
Exploits 0 | References 2

Cvelist
added 2026/01/22 4:52 p.m. | 19 views

CVE-2025-68009 WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...

CVSS 6.5 | EPSS 0.00354
Exploits 0 | References 1

ATTACKERKB
added 2026/01/22 4:51 p.m. | 3 views

CVE-2025-66137

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Searcher for Elementor: from n/a through = 1.0.3...

CVSS 8.8 | AI score 5.3 | EPSS 0.0022
Exploits 0 | References 2

ATTACKERKB
added 2026/01/22 4:51 p.m. | 3 views

CVE-2025-62050

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through = 1.0.3...

CVSS 9.9 | AI score 5.3 | EPSS 0.00483
Exploits 0 | References 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 6 views

PT-2026-4006

Name of the Vulnerable Software and Affected Versions: Searcher for Elementor versions through 1.0.3. Description: The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations: Update Searcher for Elementor to a version later than...

AI score 5.3 | EPSS 0.0022
Exploits 0 | References 3

Positive Technologies
added 2026/01/22 12:0 a.m. | 6 views

PT-2026-3992

Name of the Vulnerable Software and Affected Versions: blazethemes Blogmatic versions through 1.0.3. Description: The software contains a flaw related to unrestricted file uploads, allowing potentially dangerous file types to be uploaded. There is no information about the number of potentially...

AI score 5.3 | EPSS 0.00483
Exploits 0 | References 3

NVD
added 2026/01/06 5:15 p.m. | 15 views

CVE-2025-69341

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WeDesignTech Ultimate Booking Addon: from n/a through = 1.0.3...

CVSS 5.4 | EPSS 0.0017
Exploits 0 | References 1

CVE
added 2026/01/06 4:36 p.m. | 13 views

CVE-2025-69341

CVE-2025-69341 details (product, version impact, exploit) are not present in the connected documents. Technical specifics (root cause, affected versions, and fix) are not provided; monitor for updates.

CVSS 5.4 | AI score 6.6 | EPSS 0.0017
Exploits 0 | References 1

NVD
added 2025/12/09 4:18 p.m. | 1 views

CVE-2025-62733

Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery. This issue affects Custom Sidebars by ProteusThemes: from n/a through = 1.0.3...

CVSS 4.3 | EPSS 0.00107
Exploits 0 | References 1

OSV
added 2025/12/04 7:16 p.m. | 3 views

CVE-2025-14016

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed...

CVSS 8.1 | AI score 5.5 | EPSS 0.00259
Exploits 1 | References 4

Patchstack
added 2025/11/25 6:51 a.m. | 8 views

WordPress EduKart Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin EduKart Pro versions <= 1.0.3...

CVSS 9.8 | AI score 7 | EPSS 0.00305
Exploits 0 | References 1 | Affected Software 1