22 matches found
EUVD-2026-15606
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
EUVD-2026-11880
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through = 1.2.7...
CVE-2026-25399 WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through = 1.2.7...
PT-2026-20729
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through = 1.2.7...
WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Serious Slider versions = 1.2.7...
CVE-2025-68986
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through = 1.2.7...
CVE-2026-24535 WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...
CVE-2025-68986
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through = 1.2.7...
CVE-2025-68513
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through = 1.2.7...
CVE-2025-62998 WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through = 1.2.7...
EUVD-2025-202009
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through = 1.2.7...
CVE-2025-62994
CVE-2025-62994 relates to the WordPress plugin WP AI CoPilot (ai-co-pilot-for-wp) with versions up to and including 1.2.7. The issue is described as an insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data (information disclosure). The CVSS 3.1 vector in...
WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP AI CoPilot versions = 1.2.7...
CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-52787 WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EZiHosting Tennis Court Bookings allows Reflected XSS. This issue affects Tennis Court Bookings: from n/a through 1.2.7...
CVE-2025-22579
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Header Notification: from n/a through = 1.2.7...
CVE-2024-47630
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.2.7...
WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin BookPress – For Book Authors versions = 1.2.7...
WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin BookPress – For Book Authors versions = 1.2.7...
CVE-2023-28688
Cross-Site Request Forgery CSRF vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7...