15 matches found
CVE-2026-25387
Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through = 1.7.1...
CVE-2025-69188
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through = 1.7.1...
WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin fitness-trainer versions = 1.7.1...
CVE-2025-14853 LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...
PT-2025-52134
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation: from n/a through = 1.7.1...
CVE-2025-64253 WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through = 1.7.1...
CVE-2025-13339
CVE-2025-13339 concerns the Hippoo Mobile App for WooCommerce WordPress plugin. The Wordfence report confirms an unauthenticated path traversal vulnerability allowing reading of arbitrary files via the template_redirect() function, affecting all versions up to and including 1.7.1. The affected so...
CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-53242
Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through = 1.7.1...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: jq (UTSA-2025-986131)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986131 advisory. jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed...
CVE-2025-54724 WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through = 1.7.1...
WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Bonds in WordPress Theme Golo versions = 1.7.1...
AZL-61967 CVE-2024-23337 affecting package jq for versions less than 1.6-3
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...
WordPress CF7 WOW Styler plugin <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability
Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin CF7 WOW Styler versions = 1.7.1...
WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin EPROLO Dropshipping versions = 1.7.1...