Lucene search
K

28 matches found

NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-32371

Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through = 1.3.3...

5.3CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32437 WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through = 1.3.3...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.4 views

CVE-2026-28053

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue affects Miller: from n/a through = 1.3.3...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.23 views

CVE-2026-22363 WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through = 1.3.3...

8.1CVSS0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.5 views

CVE-2026-27090

Cross-Site Request Forgery CSRF vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through = 1.3.3...

4.3CVSS5.5AI score0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.4 views

CVE-2026-27090 WordPress Kenta Companion plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Moose Kenta Companion kenta-companion allows Cross Site Request Forgery.This issue affects Kenta Companion: from n/a through = 1.3.3...

4.3CVSS5.5AI score0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:27 a.m.17 views

CVE-2026-27090

CVE-2026-27090 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Kenta Companion (kenta-companion) , affecting versions up to 1.3.3 . The available documents identify the vulnerability and affected component but do not provide explicit exploit details, attack vectors, or remed...

4.3CVSS5.4AI score0.00098EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 8:8 a.m.7 views

WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rhodos versions = 1.3.3...

8.1CVSS5.5AI score0.00512EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/03 3:16 p.m.16 views

CVE-2026-24940

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

4.3CVSS0.00185EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.3 views

CVE-2026-24940

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

5.3AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 2:8 p.m.10 views

CVE-2026-24940

CVE-2026-24940 concerns the WordPress Travelfic Toolkit plugin (travelfic-toolkit) with versions up to and including 1.3.3. The issue is described as Missing Authorization due to incorrectly configured access control security levels, effectively a broken access control vulnerability. The Red Hat,...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.17 views

CVE-2025-69078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2025-67967

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.3...

7.6CVSS0.00325EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.14 views

CVE-2025-69060

CVE-2025-69060 describes an Unrestricted Local File Inclusion in AncoraThemes uReach (WordPress theme/plugin: ureach). The root cause is Improper Control of Filename for Include/Require in a PHP program, enabling a PHP Local File Inclusion condition. Affected: uReach versions up to and including ...

8.1CVSS5.5AI score0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.4 views

CVE-2025-67966 WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through = 1.3.3...

5.9AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2025/09/26 9:15 a.m.3 views

CVE-2025-60141

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thetechtribe The Tribal the-tech-tribe allows Stored XSS.This issue affects The Tribal: from n/a through = 1.3.3...

5.9CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 8:31 a.m.11 views

CVE-2025-60141

CVE-2025-60141 is a stored XSS issue in the Tribal WordPress plugin. The vulnerability is caused by improper input neutralization during web page generation and is exploitable only by authenticated users with Administrator+ privileges. Affected versions: The Tribal up to 1.3.3. The Wordfence entr...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/08 2:57 p.m.5 views

WordPress Angela Theme <= 1.3.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Angela versions = 1.3.3...

8.1CVSS7AI score0.00519EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/03 11:3 a.m.6 views

WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Uxper Booking versions = 1.3.3...

5.9CVSS7.7AI score0.00309EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/06/06 12:15 p.m.4 views

CVE-2025-48337

Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3...

5.3CVSS5.2AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder