Lucene search
K

31 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-39580

Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...

8.1CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.8 views

EUVD-2025-210242

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.21 views

CVE-2026-39580 WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...

8.1CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 1:34 p.m.12 views

EUVD-2026-33924

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

8.1CVSS5.8AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.30 views

CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

7.1CVSS0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 6:43 a.m.5 views

WordPress ElementInvader Addons for Elementor plugin <= 1.3.1 - Missing Authorization to Arbitrary Options Read vulnerability

Missing Authorization to Arbitrary Options Read vulnerability discovered by Francesco Carlucci in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.1...

4.3CVSS5.4AI score0.00294EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.2 views

CVE-2025-69052 WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for...

9.8CVSS5.9AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/01/17 8:24 a.m.23 views

CVE-2025-10484

The CVE-2025-10484 entry concerns the Registration & Login with Mobile Phone Number for WooCommerce plugin (WordPress). Affected versions: all up to and including 1.3.1, where authentication bypass is achieved via the fma_lwp_set_session_php_fun() path, allowing unauthenticated users to impersona...

9.8CVSS5.5AI score0.00401EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.2 views

CVE-2025-53431

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Emberlyn emberlyn allows PHP Local File Inclusion.This issue affects Emberlyn: from n/a through = 1.3.1...

8.1CVSS7.1AI score0.00445EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.21 views

CVE-2025-60053 WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through = 1.3.1...

8.1CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 8:15 a.m.2 views

CVE-2025-11876

The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS0.00188EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/10/30 6:44 a.m.9 views

WordPress NS Maintenance Mode for WP plugin <= 1.3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NS Maintenance Mode for WP versions = 1.3.1...

3.5CVSS5.9AI score0.00165EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/25 8:29 a.m.12 views

CVE-2025-10701

The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/30 3:35 a.m.6 views

CVE-2025-8559 All in One Music Player <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter

The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...

6.5CVSS0.00379EPSS
Exploits0References3
CVE
CVE
added 2025/09/30 3:35 a.m.17 views

CVE-2025-8559

CVE-2025-8559 affects the WordPress plugin All in One Music Player. A path traversal vulnerability via the theme parameter exists in versions up to 1.3.1, enabling authenticated attackers with Contributor+ privileges to read server files. Public sources in CNVD, CVE lists, and PT-2025-39939 descr...

6.5CVSS5.4AI score0.00379EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/22 6:55 p.m.4 views

WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin List Child Pages Shortcode versions = 1.3.1...

6.5CVSS6AI score0.00258EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/09/22 6:23 p.m.9 views

CVE-2025-58021 WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...

6.5CVSS0.00258EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/19 6:19 a.m.5 views

WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme MaxCube versions = 1.3.1...

8.2CVSS7AI score0.00415EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:3 a.m.4 views

CVE-2023-46195

Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through = 1.3.1...

6.5CVSS7.3AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:34 a.m.7 views

CVE-2023-49853

Cross-Site Request Forgery CSRF vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1...

8.8CVSS8.5AI score0.00254EPSS
Exploits0References1
Rows per page
Query Builder