36 matches found
CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2026-32382
Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...
EUVD-2026-15923
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...
CVE-2026-32545
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...
CVE-2026-32500
CVE-2026-32500 corresponds to MetaMax (WordPress theme) from CreativeWS and is an unauthenticated Local File Inclusion (LFI) caused by improper control of the filename used in PHP include/require. Affected are MetaMax versions up to and including 1.1.4. The issue carries a high-risk CVSS v3.1 sco...
PT-2026-28058
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...
CVE-2026-32382
Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...
CVE-2026-32382
CVE-2026-32382 : For WordPress, the Digital Download theme (by raratheme) versions
CVE-2026-32382 WordPress Digital Download theme <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...
CVE-2026-27985
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through = 1.1.4...
CVE-2026-27985 WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through = 1.1.4...
WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Business Roy versions = 1.1.4...
CVE-2026-0702
CVE-2026-0702 refers to VidShop – Shoppable Videos for WooCommerce (WordPress). Affected versions up to and including 1.1.4 are vulnerable to unauthenticated time-based SQL Injection via the fields parameter due to insufficient escaping and lack of proper SQL query preparation. This can enable an...
PT-2026-5080
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-31048
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...
PT-2026-1265
Name of the Vulnerable Software and Affected Versions Themify Shopo versions through 1.1.4 Description An unrestricted file upload issue exists in Themify Shopo, allowing the upload of a web shell to a web server. This allows for remote code execution. The vulnerability involves the upload of fil...
CVE-2025-66153
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through = 1.1.4...
CVE-2025-66153
CVE-2025-66153: Missing Authorization vulnerability in Headinger for Elementor (Merkulove) up to version 1.1.4. Affects Headinger for Elementor; CVSS 3.1 base score 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). No public exploit or remediation details are provided in the connected documents.
WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Headinger for Elementor versions = 1.1.4...
CVE-2025-66163
Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through = 1.1.4...