34 matches found
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability
Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...
EUVD-2026-37602
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
CVE-2026-40753
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
CVE-2026-40753
CVE-2026-40753 affects the WordPress EasyMeals theme (versions ≤ 1.5.1). The vulnerability is an unauthenticated PHP Object Injection in EasyMeals, caused by unsafe object handling in the affected component. The published metrics indicate a high impact (CVSS v3.1: 8.1, HIGH) with network attack v...
CVE-2026-40736 WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Laurits = 1.5.1 versions...
CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...
CVE-2026-4834
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
CVE-2026-39666
The CVE concerns the WordPress plugin Hello Bar Popup Builder by telepathy, affected versions are up to and including 1.5.1. It reports a DOM-Based XSS due to improper input neutralization during web page generation, enabling cross-site scripting. Impact is described as Cross-Site Scripting with ...
CVE-2026-39666
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...
PT-2026-31228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through = 1.5.1...
CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...
CVE-2026-22391
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through = 1.5.1...
PT-2026-4014
Name of the Vulnerable Software and Affected Versions Myour versions through 1.5.1 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Update Myo...
EUVD-2025-205955
Cross-Site Request Forgery CSRF vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1...
CVE-2025-60180
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...
CVE-2025-60180
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through = 1.5.1...
WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Photo Block versions = 1.5.1...
CVE-2025-64254
Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through = 1.5.1...
CVE-2025-62886
Cross-Site Request Forgery CSRF vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through = 1.5.3...
EUVD-2025-19305
Malicious code in bioql PyPI...