37 matches found
CVE-2026-40749
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
CVE-2026-39680 WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through = 1.1.1...
CVE-2026-39672
The connected sources confirm CVE-2026-39672 relates to the WordPress plugin ShipTime: Discounted Shipping Rates (shiptime-discount-shipping) with a Broken Access Control (Missing Authorization) vulnerability affecting version
PT-2026-27944
Name of the Vulnerable Software and Affected Versions Nexa Blocks versions through 1.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts Nexa Blocks. Recommendations Update Nexa Blocks to a version later than...
CVE-2025-53335
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through = 1.1.1...
PT-2026-21115
Name of the Vulnerable Software and Affected Versions Mopinion Feedback Form versions through 1.1.1 Description The Mopinion Feedback Form software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for t...
CVE-2025-14039
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Mopinion Feedback Form versions = 1.1.1...
WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions = 1.1.1...
CVE-2025-66164
Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through = 1.1.1...
CVE-2025-61843
CVE-2025-61843 concerns Adobe Format Plugins. The issue is an Out-of-bounds Read affecting versions 1.1.1 and earlier, leading to memory exposure. Exploitation requires user interaction (victim opens a malicious file). The vulnerability is documented across multiple sources in the Connected docum...
CVE-2025-64284 WordPress Majestic Support plugin <= 1.0.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through = 1.0.7...
EUVD-2025-30726
Malicious code in bioql PyPI...
WordPress Popular Posts by Webline plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Popular Posts by Webline versions = 1.1.1...
PT-2025-39350
Name of the Vulnerable Software and Affected Versions json-schema-editor-visual versions through 1.1.1 Description A Prototype Pollution issue exists in the setData and deleteData functions. Attackers can inject or delete properties on Object.prototype by providing a crafted payload, potentially...
WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin GSheets Connector versions = 1.1.1...
CVE-2025-58833
Cross-Site Request Forgery CSRF vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through = 1.1.1...
WordPress Invelity MyGLS connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Invelity MyGLS connect versions = 1.1.1...
PT-2025-36172
Name of the Vulnerable Software and Affected Versions: INVELITY Invelity MyGLS connect versions through 1.1.1 Description: This issue is a Cross-Site Request Forgery CSRF vulnerability that allows Object Injection. Recommendations: At the moment, there is no information about a newer version that...