Lucene search
K

11 matches found

NVD
NVD
added 2026/06/02 10:16 a.m.14 views

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 9:45 a.m.22 views

CVE-2025-53302

CVE-2025-53302 in WordPress Theme Constructor (<= 1.6.5) is a Missing Authorization / Broken Access Control issue. Publicly disclosed details indicate unauthenticated access to restricted functionality due to ACL constraints, affecting Constructor versions up to 1.6.5. CVSS v3.1 base score is ...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/08 10:40 p.m.9 views

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +215 more potentially affected by CVE-2025-68158 via authlib (>=1.0.0 <=1.6.5)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-68158 Source advisory:...

8.8CVSS5.7AI score0.00237EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/11/06 3:55 p.m.2 views

CVE-2025-62065 WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through = 1.6.5...

9.9CVSS6.6AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/24 12:29 p.m.5 views

CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection

The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebytechatbotexportmessages' function. This makes it possible for...

4.3CVSS6.4AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2025/10/09 2:9 a.m.16 views

CVE-2025-10496

CVE-2025-10496 affects the WordPress plugin Cookie Notice & Consent (versions up to 1.6.5). Root cause: stored cross-site scripting via the uuid parameter due to insufficient input sanitization/output escaping. Impact: unauthenticated attackers can inject arbitrary scripts that execute when users...

7.2CVSS4.9AI score0.00281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/07 5:35 p.m.5 views

CVE-2025-9194

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

4.3CVSS5.1AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27816

Malicious code in bioql PyPI...

9.8CVSS9AI score0.00503EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/27 2:53 p.m.7 views

WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Sulabh Jain in WordPress Theme Constructor versions = 1.6.5...

6.9AI score0.00187EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/05/07 3:16 p.m.3 views

CVE-2025-47542

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5...

4.3CVSS5.8AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2023/11/10 2:15 p.m.3 views

CVE-2023-29426

Cross-Site Request Forgery CSRF vulnerability in Robert Schulz sprd.Net AG Spreadshop plugin = 1.6.5 versions...

8.8CVSS7.3AI score0.00312EPSS
Exploits0References1
Rows per page
Query Builder