26 matches found
WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.3...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-35044 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-35044 Source advisory: SNYK:PYTHON-BENTOML-15909744...
WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dermatology Clinic versions = 1.4.3...
CVE-2025-69305 WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through = 1.4.3...
CVE-2025-69059
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...
CVE-2025-69065 WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a through = 1.4.3...
PT-2026-4147
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...
WordPress DiveIt theme <= 1.4.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme DiveIt versions = 1.4.3...
PT-2025-46816
Name of the Vulnerable Software and Affected Versions Qode Qi Blocks versions through 1.4.3 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can be store...
WordPress Simple Downloads List plugin <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Simple Downloads List versions = 1.4.3...
CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...
EUVD-2025-37337
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through = 1.4.3...
CVE-2025-60227
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through = 1.4.3...
CVE-2025-60113
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
CVE-2025-60113
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
CVE-2025-60113 WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
CVE-2025-58812
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto allows Stored XSS.This issue affects Best Restaurant Menu by PriceListo: from n/a through = 1.4.3...
CVE-2025-28977
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3...
CVE-2025-28979
CVE-2025-28979 concerns the WordPress plugin WP Pipes (version <= 1.4.3). The flaw is an improper control of the filename for include/require statements, enabling Local File Inclusion (LFI). Multiple sources (NVD, Red Hat advisory, CVE lists, Patchstack) confirm WP Pipes