23 matches found
CVE-2025-69131
Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions
CVE-2026-39592
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...
EUVD-2026-20231
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...
CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...
CVE-2026-32450
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0.7...
CVE-2026-0742
The CVE-2026-0742 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Smart Appointment & Booking, affecting versions up to and including 1.0.7. The issue arises from insufficient input sanitization and output escaping on attributes in the saab_save_form_data AJAX ...
CVE-2025-62123
Cross-Site Request Forgery CSRF vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through = 1.0.7...
CVE-2025-66148 WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through = 1.0.7...
EUVD-2025-38015
Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through = 1.0.7...
CVE-2025-53232
CVE-2025-53232 is a WP Gmail SMTP plugin vulnerability (wp-gmail-smtp) affecting versions up to 1.0.7. The issue is described as an insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data. The Red Hat and NVD entries corroborate this, noting WP Gmail SMTP
CVE-2025-10299
The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctlcreatelink AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with...
WordPress Planet Shakers Theme <= 1.0.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Planet Shakers versions = 1.0.7...
PT-2025-36182
Name of the Vulnerable Software and Affected Versions: David Merinas Auto Last Youtube Video versions n/a through 1.0.7 Description: A Cross-Site Request Forgery CSRF vulnerability exists in David Merinas Auto Last Youtube Video, which also allows Stored Cross-Site Scripting XSS. Recommendations:...
CVE-2025-48327
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through = 1.0.7...
CVE-2025-49279 WordPress Blogvy <= 1.0.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through 1.0.7...
CVE-2025-47543 WordPress TrueBooker plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through = 1.0.7...
CVE-2025-32479
Cross-Site Request Forgery CSRF vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through = 1.0.7...
WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting
Reflected Cross-Site Scripting vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin versions = 2.2...
WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Animated Text Block versions = 1.0.7...
CVE-2023-29433
Missing Authorization vulnerability in carsonxu tencentcloud-cos tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through = 1.0.7...