25 matches found
CVE-2026-57670
Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...
CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2026-32347
Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through = 1.2.5...
CVE-2026-32335
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...
CVE-2026-3051
A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...
WordPress Easy Voice Mail plugin <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Easy Voice Mail versions = 1.2.5...
CVE-2025-69293
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-69042 WordPress Lindo theme <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through = 1.2.5...
CVE-2025-69042
CVE-2025-69042 affects WordPress theme Lindo (GoalThemes) up to 1.2.5. The issue is an improper control of filenames for include/require statements in PHP, enabling Local File Inclusion (LFI) via the theme’s PHP code. The impact is described as PHP Local File Inclusion affecting Lindo; specific e...
PT-2026-4187
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-67621 WordPress Eight Day Week Print Workflow plugin <= 1.2.5 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through = 1.2.5...
EUVD-2025-203263
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
CVE-2025-14606 tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
PT-2025-51115
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree o...
EUVD-2025-35422
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...
CVE-2025-60151 WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...
CVE-2025-60151 WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...
WordPress Flex QR Code Generator plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by johska in WordPress Plugin Flex QR Code Generator versions = 1.2.5...
EUVD-2025-28028
Malicious code in bioql PyPI...
WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WP Wand versions = 1.2.5...