42 matches found
CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
GHSA-3JC6-6R48-V6QF Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization
A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...
CVE-2026-39628
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-32336
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through = 1.3.0...
CVE-2026-32380 WordPress Numinous theme <= 1.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through = 1.3.0...
CVE-2026-32380 WordPress Numinous theme <= 1.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through = 1.3.0...
CVE-2026-27332
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through = 1.3.0...
WordPress Agrofood theme < 1.4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Agrofood versions 1.4.0...
CVE-2026-22366 WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through = 1.3.0...
CVE-2026-22366 WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through = 1.3.0...
WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Marveland versions = 1.3.0...
CVE-2025-49339
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through = 1.3.3...
CVE-2025-49339
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through = 1.3.2...
CVE-2025-49340 WordPress Direct Payments WP plugin <= 1.3.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0...
WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Nelio Popups versions = 1.3.0...
CVE-2025-66111
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...
CVE-2025-66111 WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...
CVE-2025-58237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through = 2.2.4...
WordPress Carz Theme <= 1.3.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Carz versions = 1.3.0...
CVE-2025-58865 WordPress Compact Admin plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through = 1.3.3...