31 matches found
CVE-2026-39580
Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...
EUVD-2025-210242
Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...
CVE-2026-39580 WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...
EUVD-2026-33924
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability
Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...
CVE-2025-69052 WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for...
CVE-2025-10484
The CVE-2025-10484 entry concerns the Registration & Login with Mobile Phone Number for WooCommerce plugin (WordPress). Affected versions: all up to and including 1.3.1, where authentication bypass is achieved via the fma_lwp_set_session_php_fun() path, allowing unauthenticated users to impersona...
CVE-2025-53431
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Emberlyn emberlyn allows PHP Local File Inclusion.This issue affects Emberlyn: from n/a through = 1.3.1...
CVE-2025-60053 WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through = 1.3.1...
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
WordPress NS Maintenance Mode for WP plugin <= 1.3.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NS Maintenance Mode for WP versions = 1.3.1...
CVE-2025-10701
The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter
The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...
CVE-2025-8559
CVE-2025-8559 affects the WordPress plugin All in One Music Player. A path traversal vulnerability via the theme parameter exists in versions up to 1.3.1, enabling authenticated attackers with Contributor+ privileges to read server files. Public sources in CNVD, CVE lists, and PT-2025-39939 descr...
WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin List Child Pages Shortcode versions = 1.3.1...
CVE-2025-58021 WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...
WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme MaxCube versions = 1.3.1...
CVE-2023-46195
Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through = 1.3.1...
CVE-2023-49853
Cross-Site Request Forgery CSRF vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1...