Lucene search
K

42 matches found

Cvelist
Cvelist
added 2026/06/17 9:50 a.m.29 views

CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/04/20 3:34 a.m.2 views

GHSA-3JC6-6R48-V6QF Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization

A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...

7.3CVSS6.9AI score0.00336EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39628

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

5.3CVSS0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.3 views

CVE-2026-32336

Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through = 1.3.0...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32380 WordPress Numinous theme <= 1.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through = 1.3.0...

5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.30 views

CVE-2026-32380 WordPress Numinous theme <= 1.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through = 1.3.0...

5.3CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.4 views

CVE-2026-27332

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through = 1.3.0...

5.9AI score0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/03 12:21 p.m.5 views

WordPress Agrofood theme < 1.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Agrofood versions 1.4.0...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.4 views

CVE-2026-22366 WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through = 1.3.0...

8.1CVSS5.5AI score0.00504EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.26 views

CVE-2026-22366 WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through = 1.3.0...

8.1CVSS0.00504EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 8:10 a.m.4 views

WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Marveland versions = 1.3.0...

8.1CVSS5.5AI score0.00412EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/01 5:33 p.m.8 views

CVE-2025-49339

Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through = 1.3.3...

4.3CVSS5.7AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 5:15 p.m.5 views

CVE-2025-49339

Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through = 1.3.2...

4.3CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 4:30 p.m.2 views

CVE-2025-49340 WordPress Direct Payments WP plugin <= 1.3.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0...

4.3CVSS6.5AI score0.00272EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/10 11:16 a.m.5 views

WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Nelio Popups versions = 1.3.0...

6.1CVSS6.1AI score0.00134EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/11/21 1:15 p.m.9 views

CVE-2025-66111

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...

6.5CVSS0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 12:30 p.m.11 views

CVE-2025-66111 WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...

6.5CVSS0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:16 p.m.3 views

CVE-2025-58237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through = 2.2.4...

6.5CVSS0.00196EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/08 2:43 p.m.4 views

WordPress Carz Theme <= 1.3.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Carz versions = 1.3.0...

8.1CVSS7AI score0.00519EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.14 views

CVE-2025-58865 WordPress Compact Admin plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through = 1.3.3...

4.3CVSS0.00119EPSS
Exploits0References1
Rows per page
Query Builder