61 matches found
CVE-2026-10070
CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...
CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...
PT-2026-25250
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3...
PT-2026-23163
Name of the Vulnerable Software and Affected Versions: Mikado-Themes Malgré versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
PT-2026-21205
Name of the Vulnerable Software and Affected Versions: axiomthemes Photolia versions through 1.0.3. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
PT-2026-5887
Name of the Vulnerable Software and Affected Versions: Chapa Payment Gateway Plugin for WooCommerce versions up to and including 1.0.3. Description: The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is susceptible to sensitive information disclosure. An unauthenticated attacker c...
CVE-2025-62050
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic. This issue affects Blogmatic: from n/a through <= 1.0.3...
CVE-2025-68009
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...
CVE-2025-68009 WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slider Templates: from n/a through <= 1.0.3...
CVE-2025-66137
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Searcher for Elementor: from n/a through <= 1.0.3...
PT-2026-4006
Name of the Vulnerable Software and Affected Versions: Searcher for Elementor versions through 1.0.3. Description: The software contains a missing authorization issue due to incorrectly configured access control security levels. Recommendations: Update Searcher for Elementor to a version later than...
PT-2026-3992
Name of the Vulnerable Software and Affected Versions: blazethemes Blogmatic versions through 1.0.3. Description: The software contains a flaw related to unrestricted file uploads, allowing potentially dangerous file types to be uploaded. There is no information about the number of potentially...
CVE-2025-69341
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3...
CVE-2025-69341
CVE-2025-69341 details (product, version impact, exploit) are not present in the connected documents. Technical specifics (root cause, affected versions, and fix) are not provided; monitor for updates.
CVE-2025-62733
Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery. This issue affects Custom Sidebars by ProteusThemes: from n/a through <= 1.0.3...
CVE-2025-14016
A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed...
WordPress EduKart Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin EduKart Pro versions <= 1.0.3...