Lucene search
K

54 matches found

Patchstack
Patchstack
added 2026/07/02 8:53 a.m.5 views

WordPress Mosaic Gallery &#8211; Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery Advanced Gallery versions = 1.2.0...

6.5CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55043

Name of the Vulnerable Software and Affected Versions Mosaic Gallery – Advanced Gallery versions prior to 1.2.1 Description A Cross Site Scripting XSS issue exists that allows users with Contributor privileges to execute malicious scripts. XSS is a type of security flaw where an attacker injects...

6.5CVSS6AI score0.00139EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 2:2 p.m.4 views

WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions = 1.2.0...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36956

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.28 views

CVE-2026-39519 WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/05 3:35 p.m.7 views

WordPress GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin <= 1.2.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin GeekyBot versions = 1.2.0...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/04/08 11:28 a.m.3 views

WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin GeekyBot versions = 1.2.0...

6AI score0.00283EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39696 WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through = 1.2.0...

5.9AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.4 views

CVE-2026-22503

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through = 1.2.0...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.2 views

EUVD-2026-15511

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through = 1.2.0...

5.8AI score0.00504EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/03 11:42 p.m.6 views

WordPress Fortis for WooCommerce plugin <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability

Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Fortis for WooCommerce versions = 1.2.0...

5.3CVSS5.4AI score0.00345EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/01 4:26 p.m.7 views

CVE-2025-49356

Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through = 1.2.0...

4.3CVSS5.9AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 4:7 p.m.4 views

CVE-2025-49356 WordPress Orders Chat for WooCommerce plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0...

4.3CVSS6.6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.8 views

CVE-2025-68533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...

6.5CVSS6AI score0.00139EPSS
Exploits0References1
OSV
OSV
added 2025/12/24 1:16 p.m.4 views

CVE-2025-68533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:21 a.m.9 views

CVE-2025-54741

CVE-2025-54741 is a Missing Authorization vulnerability in the WordPress plugin Super Blank (Tyler Moore Super Blank). Technical details across multiple sources indicate the issue affects Super Blank versions up to and including 1.2.0, caused by incorrectly configured access control security leve...

6.5CVSS6.6AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:15 p.m.14 views

CVE-2025-31029

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through = 1.2.0...

7.1CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/10/27 2:15 a.m.5 views

CVE-2025-62928

Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...

4.3CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 1:34 a.m.1 views

CVE-2025-62928 WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through = 1.2.0...

4.3CVSS6.6AI score0.00225EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/14 7:39 a.m.8 views

WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin replyMail versions = 1.2.0...

5.4CVSS7AI score0.00214EPSS
Exploits0Affected Software1
Rows per page
Query Builder