Lucene search
K

32 matches found

Patchstack
Patchstack
added 2026/06/24 1:32 p.m.8 views

WordPress EntreDroppers plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin EntreDroppers versions = 1.1.2...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/16 8:56 p.m.15 views

CVE-2025-69109

Technical details for CVE-2025-69109 are not provided in the supplied documents. No affected versions, root cause, impact, or remediation are stated here. Monitor for updates from the connected sources.

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:31 a.m.16 views

EUVD-2026-32063

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.34 views

CVE-2026-8870 Team Master <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.29 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

9.8CVSS0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.9 views

CVE-2026-32383

CVE-2026-32383 describes a missing authorisation vulnerability in the WordPress Ridhi theme (Ridhi). Affected software: Ridhi theme versions n/a through

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32383 WordPress Ridhi theme <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through = 1.1.2...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.6 views

CVE-2026-27097 WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...

8.1CVSS5.8AI score0.00512EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2026-22377

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through = 1.1.2...

8.1CVSS0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:2 p.m.4 views

CVE-2025-13986 Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...

4.2CVSS5.9AI score0.0022EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/16 8:11 a.m.9 views

WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by NumeX in WordPress Plugin onepay Payment Gateway For WooCommerce versions = 1.1.2...

6.5CVSS6.9AI score0.00215EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.5 views

CVE-2023-25482

Cross-Site Request Forgery CSRF vulnerability in Mike Martel WP Tiles plugin = 1.1.2 versions...

8.8CVSS7AI score0.00253EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/01 10:7 a.m.5 views

WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Issabella versions = 1.1.2...

8.1CVSS7.1AI score0.00334EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-60174

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through = 1.1.2...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.3 views

CVE-2025-48097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through = 1.1.2...

7.1CVSS6.4AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.4 views

EUVD-2025-35563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through = 1.1.2...

6.1CVSS5.9AI score0.00208EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:30 p.m.3 views

CVE-2025-57940

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suresh Kumar Mukhiya Append extensions on Pages append-extensions-on-pages allows Stored XSS.This issue affects Append extensions on Pages: from n/a through = 1.1.2...

5.9CVSS5.9AI score0.00276EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/08 2:33 p.m.8 views

WordPress WP Gravity Forms Constant Contact plugin plugin <= 1.1.2 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Constant Contact Plugin versions = 1.1.2...

9.8CVSS7AI score0.00386EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.8 views

CVE-2023-27415

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themeqx LetterPress plugin = 1.1.2 versions...

5.9CVSS5.2AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/03 1:27 p.m.23 views

CVE-2025-30611 WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through = 1.1.2...

7.1CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder