Lucene search
K

34 matches found

Patchstack
Patchstack
added 2026/06/22 9:21 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1CVSS5.9AI score0.00662EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.6 views

EUVD-2026-37602

Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-40753

Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.14 views

CVE-2026-40753

CVE-2026-40753 affects the WordPress EasyMeals theme (versions ≤ 1.5.1). The vulnerability is an unauthenticated PHP Object Injection in EasyMeals, caused by unsafe object handling in the affected component. The published metrics indicate a high impact (CVSS v3.1: 8.1, HIGH) with network attack v...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.23 views

CVE-2026-40736 WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:27 p.m.28 views

CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

9.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 a.m.16 views

CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

7.5CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:30 a.m.10 views

CVE-2026-39666

The CVE concerns the WordPress plugin Hello Bar Popup Builder by telepathy, affected versions are up to and including 1.5.1. It reports a DOM-Based XSS due to improper input neutralization during web page generation, enabling cross-site scripting. Impact is described as Cross-Site Scripting with ...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...

5.9AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31228

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...

6.5CVSS5.9AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/03 9:32 a.m.26 views

CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS0.00184EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.4 views

CVE-2026-22391

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through = 1.5.1...

5.4CVSS5.4AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.5 views

PT-2026-4014

Name of the Vulnerable Software and Affected Versions Myour versions through 1.5.1 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Update Myo...

5.3AI score0.00541EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/31 1:53 p.m.3 views

EUVD-2025-205955

Cross-Site Request Forgery CSRF vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1...

5.4CVSS6.3AI score0.00095EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.7 views

CVE-2025-60180

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 8:16 a.m.11 views

CVE-2025-60180

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.5 views

WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...

8.8CVSS7AI score0.00205EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/09 4:18 p.m.3 views

CVE-2025-64254

Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through = 1.5.1...

2.7CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/10/27 2:15 a.m.3 views

CVE-2025-62886

Cross-Site Request Forgery CSRF vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through = 1.5.3...

7.1CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19305

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00405EPSS
Exploits0References1
Rows per page
Query Builder