32 matches found
WordPress EntreDroppers plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin EntreDroppers versions = 1.1.2...
CVE-2025-69109
Technical details for CVE-2025-69109 are not provided in the supplied documents. No affected versions, root cause, impact, or remediation are stated here. Monitor for updates from the connected sources.
EUVD-2026-32063
The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-8870 Team Master <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...
CVE-2026-32383
CVE-2026-32383 describes a missing authorisation vulnerability in the WordPress Ridhi theme (Ridhi). Affected software: Ridhi theme versions n/a through
CVE-2026-32383 WordPress Ridhi theme <= 1.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through = 1.1.2...
CVE-2026-27097 WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...
CVE-2026-22377
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through = 1.1.2...
CVE-2025-13986 Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...
WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by NumeX in WordPress Plugin onepay Payment Gateway For WooCommerce versions = 1.1.2...
CVE-2023-25482
Cross-Site Request Forgery CSRF vulnerability in Mike Martel WP Tiles plugin = 1.1.2 versions...
WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Issabella versions = 1.1.2...
CVE-2025-60174
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through = 1.1.2...
CVE-2025-48097
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through = 1.1.2...
EUVD-2025-35563
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through = 1.1.2...
CVE-2025-57940
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suresh Kumar Mukhiya Append extensions on Pages append-extensions-on-pages allows Stored XSS.This issue affects Append extensions on Pages: from n/a through = 1.1.2...
WordPress WP Gravity Forms Constant Contact plugin plugin <= 1.1.2 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Constant Contact Plugin versions = 1.1.2...
CVE-2023-27415
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themeqx LetterPress plugin = 1.1.2 versions...
CVE-2025-30611 WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through = 1.1.2...