28 matches found
CVE-2026-32371
Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through = 1.3.3...
CVE-2026-32437 WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through = 1.3.3...
CVE-2026-28053
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue affects Miller: from n/a through = 1.3.3...
CVE-2026-22363 WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through = 1.3.3...
CVE-2026-27090
Cross-Site Request Forgery CSRF vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through = 1.3.3...
CVE-2026-27090 WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through = 1.3.3...
CVE-2026-27090
CVE-2026-27090 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Kenta Companion (kenta-companion) , affecting versions up to 1.3.3 . The available documents identify the vulnerability and affected component but do not provide explicit exploit details, attack vectors, or remed...
WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rhodos versions = 1.3.3...
CVE-2026-24940
Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...
CVE-2026-24940
Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...
CVE-2026-24940
CVE-2026-24940 concerns the WordPress Travelfic Toolkit plugin (travelfic-toolkit) with versions up to and including 1.3.3. The issue is described as Missing Authorization due to incorrectly configured access control security levels, effectively a broken access control vulnerability. The Red Hat,...
CVE-2025-69078
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...
CVE-2025-67967
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.3...
CVE-2025-69060
CVE-2025-69060 describes an Unrestricted Local File Inclusion in AncoraThemes uReach (WordPress theme/plugin: ureach). The root cause is Improper Control of Filename for Include/Require in a PHP program, enabling a PHP Local File Inclusion condition. Affected: uReach versions up to and including ...
CVE-2025-67966 WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through = 1.3.3...
CVE-2025-60141
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thetechtribe The Tribal the-tech-tribe allows Stored XSS.This issue affects The Tribal: from n/a through = 1.3.3...
CVE-2025-60141
CVE-2025-60141 is a stored XSS issue in the Tribal WordPress plugin. The vulnerability is caused by improper input neutralization during web page generation and is exploitable only by authenticated users with Administrator+ privileges. Affected versions: The Tribal up to 1.3.3. The Wordfence entr...
WordPress Angela Theme <= 1.3.3 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Angela versions = 1.3.3...
WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Uxper Booking versions = 1.3.3...
CVE-2025-48337
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3...