23 matches found
CVE-2026-6801
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...
CVE-2026-32455
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through = 1.3.5...
CVE-2025-68846
CVE-2025-68846 is a Reflected XSS affecting WordPress plugin Asynchronous Javascript (versions 1.3.5 (or later as released). Technical details are supported by connected Red Hat, NVD, CVE, and PatchStack entries indicating an XSS vulnerability in this plugin and the stated affected range; no exp...
CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...
CVE-2026-25016
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through = 1.3.5...
CVE-2026-25016 WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through = 1.3.5...
CVE-2026-25016
CVE-2026-25016 concerns the Nelio Popups WordPress plugin. The issue is a Missing Authorization vulnerability caused by incorrectly configured access control, affecting Nelio Popups versions up to and including 1.3.5. Wordfence and CVE listings identify the flaw and note that a fix exists in newe...
CVE-2026-25016
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through = 1.3.5...
EUVD-2026-5301
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through = 1.3.5...
WordPress IMS Countdown plugin <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin IMS Countdown versions = 1.3.5...
CVE-2025-62750
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Filipe Seabra WooCommerce Parcelas woocommerce-parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through = 1.3.5...
CVE-2025-69010
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through = 1.3.5...
EUVD-2025-205733
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through = 1.3.5...
CVE-2025-69010
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through = 1.3.5...
CVE-2025-69014
Server-Side Request Forgery SSRF vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through = 1.3.7...
EUVD-2025-28202
Malicious code in bioql PyPI...
WordPress WP Gravity Forms FreshDesk plugin plugin <= 1.3.5 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions = 1.3.5...
WordPress ACME Divi Modules plugin <= 1.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ACME Divi Modules versions = 1.3.5...
WordPress plugin Coupon X 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress WPDash Notes plugin <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin WPDash Notes versions = 1.3.5...