Lucene search
K

25 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57670

Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...

7.1CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 11:16 a.m.3 views

CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

8.8CVSS6.6AI score0.00807EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-32347

Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through = 1.2.5...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32335

Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through = 1.2.5...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/24 1:2 a.m.5 views

CVE-2026-3051

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...

6.5CVSS5AI score0.06507EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2026/02/13 10:2 p.m.6 views

WordPress Easy Voice Mail plugin <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Easy Voice Mail versions = 1.2.5...

6.1CVSS5.4AI score0.00194EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.3 views

CVE-2025-69293

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.3 views

CVE-2025-69042 WordPress Lindo theme <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through = 1.2.5...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.11 views

CVE-2025-69042

CVE-2025-69042 affects WordPress theme Lindo (GoalThemes) up to 1.2.5. The issue is an improper control of filenames for include/require statements in PHP, enabling Local File Inclusion (LFI) via the theme’s PHP code. The impact is described as PHP Local File Inclusion affecting Lindo; specific e...

8.1CVSS5.5AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4187

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...

5.4AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/24 1:10 p.m.24 views

CVE-2025-67621 WordPress Eight Day Week Print Workflow plugin <= 1.2.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through = 1.2.5...

4.3CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.7 views

EUVD-2025-203263

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

5CVSS6AI score0.0022EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/13 12:32 p.m.23 views

CVE-2025-14606 tiny-rdm Tiny RDM Pickle Decoding pickle_convert.go pickle.loads deserialization

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

5CVSS0.0022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.5 views

PT-2025-51115

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree o...

5CVSS6.4AI score0.0022EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/22 3:31 p.m.5 views

EUVD-2025-35422

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...

7.5CVSS6.4AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.9 views

CVE-2025-60151 WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...

4.7CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-60151 WordPress WP Gravity Forms HubSpot Plugin <= 1.2.5 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...

4.7CVSS6.5AI score0.0024EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/15 12:27 a.m.12 views

WordPress Flex QR Code Generator plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by johska in WordPress Plugin Flex QR Code Generator versions = 1.2.5...

9.8CVSS7.2AI score0.00878EPSS
Exploits3References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28028

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.01149EPSS
Exploits2References6
Patchstack
Patchstack
added 2025/01/06 1:31 p.m.3 views

WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin WP Wand versions = 1.2.5...

5.3CVSS7AI score0.00314EPSS
Exploits0Affected Software1
Rows per page
Query Builder