Lucene search
+L

34 matches found

CVE
CVE
added 1 hour ago5 views

CVE-2026-16216

Geex-arts django-jet up to 1.0.8 contains a CSRF flaw in the OAuth Handler that can be exploited remotely. The vulnerability enables cross-site request forgery and is public, with no response from the project to the issue. The CVE reports a MEDIUM severity (CVSS 3.x/4.x family) and indicates no l...

5.3CVSS4.7AI score
Exploits0References6
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-16214 geex-arts django-jet Dashboard views.py authorization

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and...

6.5CVSS
Exploits0References6
CVE
CVE
added 2 hours ago6 views

CVE-2026-16214

CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...

6.5CVSS6.2AI score
Exploits0References6
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-69116

Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2025-69116 WordPress Iona theme <= 1.0.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...

8.1CVSS0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42727

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS5.6AI score0.00283EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42727

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/26 5:45 a.m.13 views

WordPress Iona theme <= 1.0.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Iona versions = 1.0.8...

5.8AI score0.00435EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/21 2:27 a.m.45 views

CVE-2026-4811 WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.35 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

6.4CVSS0.00288EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/04 1:21 a.m.37 views

CVE-2026-1980 WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure

The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'getcustomerlist' route in all versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to retrieve sensitive customer information includin...

5.3CVSS0.00375EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.29 views

CVE-2025-67977 WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...

8.2CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 7:25 a.m.18 views

CVE-2026-2112

CVE-2026-2112 (Dam Spam WordPress plugin) : The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0.8 due to missing nonce verification on the pending comment deletion action in the cleanup page. This allows unauthenticated attackers to delete all p...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/07 6:40 a.m.5 views

WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Dashboard Welcome for Beaver Builder versions = 1.0.8...

5.3CVSS7AI score0.00176EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/31 4:15 p.m.5 views

CVE-2025-59130

Cross-Site Request Forgery CSRF vulnerability in appointify Appointify appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through = 1.0.8...

4.3CVSS0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 4:6 p.m.6 views

EUVD-2025-206037

Cross-Site Request Forgery CSRF vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8...

4.3CVSS6.3AI score0.00098EPSS
Exploits0References2
NVD
NVD
added 2025/12/24 1:16 p.m.6 views

CVE-2023-28619

Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8...

4.3CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 12:43 p.m.5 views

EUVD-2023-32287

Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8...

4.3CVSS6.5AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 9:15 a.m.4 views

CVE-2025-66161

Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through = 1.0.8...

5.4CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 5:31 a.m.30 views

CVE-2025-13360 Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00129EPSS
Exploits0References3
Rows per page
Query Builder