35 matches found
EUVD-2026-20392
Server-Side Request Forgery SSRF vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through = 1.4.0...
CVE-2026-39616
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through = 1.4.0...
PT-2026-31257
Name of the Vulnerable Software and Affected Versions Podigee versions through 1.4.0 Description A Server-Side Request Forgery SSRF vulnerability exists in Podigee. This allows for Server Side Request Forgery. Recommendations Update Podigee to a version later than 1.4.0...
CVE-2026-28074
Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through = 1.4.0...
PT-2026-23352
Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through = 1.4.0...
CVE-2025-15597
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-25392
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and replace them wi...
CVE-2026-24567
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through = 1.4.0...
CVE-2026-24567
CVE-2026-24567 describes a Missing Authorization / Broken Access Control in WordPress plugin “Anything Order by Terms” by briarinc, affecting versions up to and including 1.4.0. Connected sources confirm the flaw is an authorization issue in the anything-order-by-terms component, with patches rec...
CVE-2026-24567
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through = 1.4.0...
CVE-2025-58710 WordPress Hotel Listing plugin <= 1.4.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through = 1.4.0...
PT-2025-52057
Name of the Vulnerable Software and Affected Versions e-plugins Hotel Listing versions through 1.4.0 Description An incorrect privilege assignment exists in the Hotel Listing plugin, potentially allowing privilege escalation. The issue is present in the hotel-listing component. Recommendations...
CVE-2025-62734
Cross-Site Request Forgery CSRF vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...
CVE-2025-62734 WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...
PT-2025-50003
Cross-Site Request Forgery CSRF vulnerability in Michael Revellin-Clerc Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through = 1.4.0...
CVE-2025-48096
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through = 1.4.0...
CVE-2025-49961 WordPress Breeze Checkout plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through = 1.4.0...
CVE-2025-48096 WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through = 1.4.0...
CVE-2025-48096 WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through = 1.4.0...
WordPress WP jQuery Pager plugin <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP jQuery Pager versions = 1.4.0...