11 matches found
CVE-2025-53302
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2025-53302
CVE-2025-53302 in WordPress Theme Constructor (<= 1.6.5) is a Missing Authorization / Broken Access Control issue. Publicly disclosed details indicate unauthenticated access to restricted functionality due to ACL constraints, affecting Constructor versions up to 1.6.5. CVSS v3.1 base score is ...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +215 more potentially affected by CVE-2025-68158 via authlib (>=1.0.0 <=1.6.5)
authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-68158 Source advisory:...
CVE-2025-62065 WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through = 1.6.5...
CVE-2025-11576 AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection
The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebytechatbotexportmessages' function. This makes it possible for...
CVE-2025-10496
CVE-2025-10496 affects the WordPress plugin Cookie Notice & Consent (versions up to 1.6.5). Root cause: stored cross-site scripting via the uuid parameter due to insufficient input sanitization/output escaping. Impact: unauthenticated attackers can inject arbitrary scripts that execute when users...
CVE-2025-9194
The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...
EUVD-2025-27816
Malicious code in bioql PyPI...
WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Sulabh Jain in WordPress Theme Constructor versions = 1.6.5...
CVE-2025-47542
Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5...
CVE-2023-29426
Cross-Site Request Forgery CSRF vulnerability in Robert Schulz sprd.Net AG Spreadshop plugin = 1.6.5 versions...