54 matches found
WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...
PT-2026-55043
Name of the Vulnerable Software and Affected Versions Mosaic Gallery – Advanced Gallery versions prior to 1.2.1 Description A Cross Site Scripting XSS issue exists that allows users with Contributor privileges to execute malicious scripts. XSS is a type of security flaw where an attacker injects...
WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...
EUVD-2026-36956
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...
CVE-2026-39519 WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...
WordPress GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin <= 1.2.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin GeekyBot versions = 1.2.0...
WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin GeekyBot versions = 1.2.0...
CVE-2026-39696 WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through = 1.2.0...
CVE-2026-22503
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through = 1.2.0...
EUVD-2026-15511
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through = 1.2.0...
WordPress Fortis for WooCommerce plugin <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Fortis for WooCommerce versions = 1.2.0...
CVE-2025-49356
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through = 1.2.0...
CVE-2025-49356 WordPress Orders Chat for WooCommerce plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0...
CVE-2025-68533
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...
CVE-2025-68533
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...
CVE-2025-54741
CVE-2025-54741 is a Missing Authorization vulnerability in the WordPress plugin Super Blank (Tyler Moore Super Blank). Technical details across multiple sources indicate the issue affects Super Blank versions up to and including 1.2.0, caused by incorrectly configured access control security leve...
CVE-2025-31029
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through = 1.2.0...
CVE-2025-62928
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...
CVE-2025-62928 WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...
WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin replyMail versions = 1.2.0...