Lucene search
+L

36 matches found

Cvelist
Cvelist
added 2026/06/16 9:0 a.m.32 views

CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

8.5CVSS0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.6 views

CVE-2026-32382

Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.4 views

CVE-2026-32545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 4:15 p.m.8 views

CVE-2026-32500

CVE-2026-32500 corresponds to MetaMax (WordPress theme) from CreativeWS and is an unauthenticated Local File Inclusion (LFI) caused by improper control of the filename used in PHP include/require. Affected are MetaMax versions up to and including 1.1.4. The issue carries a high-risk CVSS v3.1 sco...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n/a through = 1.1.4...

5.8AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32382

Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:42 a.m.9 views

CVE-2026-32382

CVE-2026-32382 : For WordPress, the Digital Download theme (by raratheme) versions

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.26 views

CVE-2026-32382 WordPress Digital Download theme <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through = 1.1.4...

5.3CVSS0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.5 views

CVE-2026-27985

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through = 1.1.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.31 views

CVE-2026-27985 WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through = 1.1.4...

8.1CVSS0.00403EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/30 2:10 p.m.6 views

WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Theme Business Roy versions = 1.1.4...

4.3CVSS5.4AI score0.00243EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/01/28 8:26 a.m.22 views

CVE-2026-0702

CVE-2026-0702 refers to VidShop – Shoppable Videos for WooCommerce (WordPress). Affected versions up to and including 1.1.4 are vulnerable to unauthenticated time-based SQL Injection via the fields parameter due to insufficient escaping and lack of proper SQL query preparation. This can enable an...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.14 views

PT-2026-5080

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/06 11:14 a.m.15 views

CVE-2025-31048

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

9.9CVSS4.6AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.9 views

PT-2026-1265

Name of the Vulnerable Software and Affected Versions Themify Shopo versions through 1.1.4 Description An unrestricted file upload issue exists in Themify Shopo, allowing the upload of a web shell to a web server. This allows for remote code execution. The vulnerability involves the upload of fil...

9.9CVSS7.9AI score0.00264EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/01 7:28 p.m.7 views

CVE-2025-66153

Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through = 1.1.4...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 6:31 p.m.20 views

CVE-2025-66153

CVE-2025-66153: Missing Authorization vulnerability in Headinger for Elementor (Merkulove) up to version 1.1.4. Affects Headinger for Elementor; CVSS 3.1 base score 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). No public exploit or remediation details are provided in the connected documents.

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 5:14 p.m.13 views

WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Headinger for Elementor versions = 1.1.4...

5.4CVSS6.8AI score0.00173EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/16 9:15 a.m.4 views

CVE-2025-66163

Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through = 1.1.4...

5.4CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder