29 matches found
CVE-2026-6370 WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4...
WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin Mini Ajax Cart for WooCommerce versions = 1.3.4...
CVE-2026-39709
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through = 1.3.4...
CVE-2026-39709
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through = 1.3.4...
CVE-2026-32449
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through = 1.3.4...
CVE-2026-22477
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through = 1.3.4...
EUVD-2026-9728
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Rhythmo rhythmo allows PHP Local File Inclusion.This issue affects Rhythmo: from n/a through = 1.3.4...
CVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2025-69039
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through = 1.3.4...
CVE-2025-69184
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3.4...
CVE-2025-69184
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3.4...
CVE-2025-69184 WordPress Institutions Directory plugin <= 1.3.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3.4...
CVE-2025-69039
CVE-2025-69039 is an unauthenticated Local File Inclusion vulnerability in the WordPress theme Bailly (DesignThemes Bailly/Bailly) affecting versions up to and including 1.3.4. The issue arises from improper control of the filename used in PHP include/require statements, enabling an attacker to p...
WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lawyer Directory versions = 1.3.4...
EUVD-2025-203554
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup xPromoter topbarpromoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through = 1.3.4...
EUVD-2023-40478
Malicious code in bioql PyPI...
WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kipso versions = 1.3.4...
WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sofass versions = 1.3.4...
WordPress Services Section block plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Logan Cote Patchstack Alliance in WordPress Plugin Services Section block versions = 1.3.4...
WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Distance Rate Shipping for WooCommerce versions = 1.3.4...