Lucene search
+L

23 matches found

CVE
CVE
added 2026/06/16 8:57 p.m.14 views

CVE-2025-69131

Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions

7.5CVSS5.2AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.5 views

CVE-2026-39592

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20231

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

5.9AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

5.8AI score0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.5 views

CVE-2026-32450

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0.7...

5.8AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/02/04 8:25 a.m.25 views

CVE-2026-0742

The CVE-2026-0742 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Smart Appointment & Booking, affecting versions up to and including 1.0.7. The issue arises from insufficient input sanitization and output escaping on attributes in the saab_save_form_data AJAX ...

6.4CVSS5.6AI score0.00264EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/01 4:26 p.m.9 views

CVE-2025-62123

Cross-Site Request Forgery CSRF vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through = 1.0.7...

4.3CVSS5.9AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 7:49 p.m.28 views

CVE-2025-66148 WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through = 1.0.7...

5.4CVSS0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:53 p.m.5 views

EUVD-2025-38015

Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through = 1.0.7...

6.6AI score0.00436EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 2:32 p.m.9 views

CVE-2025-53232

CVE-2025-53232 is a WP Gmail SMTP plugin vulnerability (wp-gmail-smtp) affecting versions up to 1.0.7. The issue is described as an insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data. The Red Hat and NVD entries corroborate this, noting WP Gmail SMTP

5.8CVSS6.5AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 9:15 a.m.9 views

CVE-2025-10299

The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctlcreatelink AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with...

8.8CVSS0.00334EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/08 2:33 p.m.4 views

WordPress Planet Shakers Theme <= 1.0.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Planet Shakers versions = 1.0.7...

8.1CVSS7AI score0.00519EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.5 views

PT-2025-36182

Name of the Vulnerable Software and Affected Versions: David Merinas Auto Last Youtube Video versions n/a through 1.0.7 Description: A Cross-Site Request Forgery CSRF vulnerability exists in David Merinas Auto Last Youtube Video, which also allows Stored Cross-Site Scripting XSS. Recommendations:...

7.1CVSS5.5AI score0.00118EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.5 views

CVE-2025-48327

Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through = 1.0.7...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 3:53 p.m.6 views

CVE-2025-49279 WordPress Blogvy <= 1.0.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through 1.0.7...

8.1CVSS7.4AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:20 p.m.14 views

CVE-2025-47543 WordPress TrueBooker plugin <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through = 1.0.7...

4.3CVSS0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 5:20 p.m.8 views

CVE-2025-32479

Cross-Site Request Forgery CSRF vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through = 1.0.7...

7.1CVSS7.2AI score0.00197EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/02 7:59 p.m.6 views

WordPress Pre Order Addon for WooCommerce plugin<= 1.0.7 - Reflected Cross-Site Scripting

Reflected Cross-Site Scripting vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin versions = 2.2...

7.1CVSS6.3AI score0.00211EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/02/24 3:13 p.m.8 views

WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Animated Text Block versions = 1.0.7...

6.5CVSS7AI score0.00379EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/12/09 1:15 p.m.6 views

CVE-2023-29433

Missing Authorization vulnerability in carsonxu tencentcloud-cos tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through = 1.0.7...

5.4CVSS5.8AI score0.00435EPSS
Exploits0References3
Rows per page
Query Builder