40 matches found
CVE-2026-14459
Vulnerability: TUBITAK BILGEM pardus-software suffers an argument injection due to improper neutralization of command delimiters. Affects pardus-software
CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
EUVD-2025-210158
Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...
CVE-2025-60175
Administrator Server Side Request Forgery SSRF in PopAd = 1.0.4 versions...
CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight' in all versions...
EUVD-2026-15709
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
CVE-2026-32520
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...
CVE-2026-25397 WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through = 1.0.4...
PT-2026-28034
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...
PT-2026-27936
Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions through 1.0.4 Description The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...
WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin RewardsWP versions = 1.0.4...
WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions = 1.0.4...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions = 1.0.4...
CVE-2025-66151 WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through = 1.0.4...
CVE-2025-62083
CVE-2025-62083 affects BoomDevs WordPress Coming Soon Plugin (
CVE-2025-62115
Technical details for CVE-2025-62115 are not provided in the supplied documents. Monitor for updates from official advisories or vulnerability databases for affected products, versions, impact, and remediation.
WordPress Simple Video Management System plugin <= 1.0.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Simple Video Management System versions = 1.0.4...
CVE-2025-13542 DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlmsregisteruserfrontend' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to...
CVE-2025-11822 WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bootstraptab' shortcode in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2015-10146
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...