27 matches found
CVE-2026-8335
A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...
CVE-2026-28010
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through = 1.2.4...
CVE-2026-28089
CVE-2026-28089 is a reported Local File Inclusion in the WordPress theme Daiquiri (ThemeREX) up to version 1.2.4. The issue arises from improper control of filenames used in PHP include/require statements, enabling potential LFI. The description across sources confirms affected software (Daiquiri
WordPress Tediss theme <= 1.2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tediss versions = 1.2.4...
WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Daiquiri versions = 1.2.4...
WordPress Consultor | Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Consultor | Consulting, Accounting & Legal Counsel WordPress Theme versions = 1.2.4...
CVE-2025-69393
Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through = 1.2.4...
CVE-2025-69393 WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through = 1.2.4...
CVE-2025-68896
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through = 1.2.4...
PT-2026-4099
Name of the Vulnerable Software and Affected Versions WDV One Page Docs versions through 1.2.4 Description An authorization issue exists in vrpr WDV One Page Docs, specifically related to incorrectly configured access control security levels. This allows for unauthorized access. Recommendations...
EUVD-2025-36620
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
EUVD-2025-36621
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through = 1.2.4...
CVE-2025-53350
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...
EUVD-2025-35393
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...
CVE-2025-62008
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...
CVE-2025-58681
Missing Authorization vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Quotes: from n/a through = 1.2.4...
PT-2025-34509 · WordPress · Ni Woocommerce Customer Product Report
Name of the Vulnerable Software and Affected Versions: Ni WooCommerce Customer Product Report plugin for WordPress versions up to and including 1.2.4 Description: The Ni WooCommerce Customer Product Report plugin for WordPress is susceptible to unauthorized data modification. This is due to a...
WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine Elite versions = 1.2.4...
CVE-2025-31818
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ContentBot.ai ContentBot AI Writer content-bot allows Stored XSS.This issue affects ContentBot AI Writer: from n/a through = 1.2.4...
WordPress MyTicket Events plugin <= 1.2.4 - Non-Arbitrary File Read vulnerability
Non-Arbitrary File Read vulnerability discovered by Anhchangmutrang in WordPress Plugin MyTicket Events versions = 1.2.4...