Lucene search
K

26 matches found

Patchstack
Patchstack
added 2026/06/23 1:49 p.m.5 views

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions = 1.4.3...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/04 2:5 p.m.7 views

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.3...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/03 11:14 p.m.6 views

ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-35044 via bentoml (>=1.0.0a7 <=1.4.3)

bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-35044 Source advisory: SNYK:PYTHON-BENTOML-15909744...

9.6CVSS5.8AI score0.00392EPSS
Exploits1
Patchstack
Patchstack
added 2026/02/27 8:0 a.m.5 views

WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dermatology Clinic versions = 1.4.3...

8.1CVSS5.9AI score0.00403EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.20 views

CVE-2025-69305 WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through = 1.4.3...

9.3CVSS0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.7 views

CVE-2025-69059

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.1 views

CVE-2025-69065 WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a through = 1.4.3...

8.1CVSS5.9AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-4147

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through = 1.4.3...

5.5AI score0.00512EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/31 10:3 a.m.5 views

WordPress DiveIt theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme DiveIt versions = 1.4.3...

8.1CVSS7AI score0.00512EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.5 views

PT-2025-46816

Name of the Vulnerable Software and Affected Versions Qode Qi Blocks versions through 1.4.3 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can be store...

6.5CVSS5.9AI score0.00138EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/10 1:20 a.m.6 views

WordPress Simple Downloads List plugin <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Simple Downloads List versions = 1.4.3...

6.4CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 3:55 p.m.1 views

CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...

8.5CVSS7.3AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 p.m.5 views

EUVD-2025-37337

Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through = 1.4.3...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2025/10/22 3:15 p.m.2 views

CVE-2025-60227

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through = 1.4.3...

8.6CVSS5.8AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.2 views

CVE-2025-60113

Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...

4.3CVSS5.9AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2025/09/26 9:15 a.m.2 views

CVE-2025-60113

Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...

4.3CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.1 views

CVE-2025-60113 WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...

4.3CVSS5.1AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 2:15 p.m.4 views

CVE-2025-58812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto allows Stored XSS.This issue affects Best Restaurant Menu by PriceListo: from n/a through = 1.4.3...

6.5CVSS0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.5 views

CVE-2025-28977

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.21 views

CVE-2025-28979

CVE-2025-28979 concerns the WordPress plugin WP Pipes (version &lt;= 1.4.3). The flaw is an improper control of the filename for include/require statements, enabling Local File Inclusion (LFI). Multiple sources (NVD, Red Hat advisory, CVE lists, Patchstack) confirm WP Pipes

9.8CVSS5.3AI score0.00354EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder