Lucene search
K

19 matches found

NVD
NVD
added 2026/04/18 2:16 a.m.8 views

CVE-2026-1559

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...

6.4CVSS0.00195EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.22 views

CVE-2026-4808 Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload

The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS0.00554EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.32 views

CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

8.1CVSS0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-69307 WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.12 views

CVE-2025-69038

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through = 1.3.6...

8.1CVSS5.5AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.5 views

CVE-2025-69038

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through = 1.3.6...

8.1CVSS0.00403EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/30 10:44 a.m.5 views

WordPress Hyori theme <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Hyori versions = 1.3.6...

8.1CVSS7.1AI score0.00403EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 3:54 p.m.1 views

CVE-2025-60190 WordPress Immocaster WordPress Plugin plugin <= 1.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion.This issue affects Immocaster WordPress Plugin: from n/a through = 1.3.6...

8.1CVSS6.7AI score0.00488EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/27 3:30 a.m.6 views

EUVD-2025-36037

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...

6.4AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 2:15 a.m.5 views

CVE-2025-62902

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.8...

5.3CVSS0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 1:34 a.m.1 views

CVE-2025-62966 WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through = 1.3.6...

5.4CVSS6.6AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36538

Name of the Vulnerable Software and Affected Versions: SiempreCMS versions prior to 1.3.7 Description: A vulnerability was identified in SiempreCMS that allows for unrestricted file upload through manipulation of unknown code within the /docs/admin/file upload.php file. The attack can be launched...

7.5CVSS7.3AI score0.00421EPSS
Exploits0References9
NVD
NVD
added 2025/08/27 6:15 p.m.3 views

CVE-2025-58205

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.6...

6.5CVSS0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/27 5:45 p.m.13 views

CVE-2025-58192 WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through = 1.3.6...

4.3CVSS0.00164EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/03 7:48 a.m.6 views

WordPress Starbelly <= 1.3.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Starbelly versions = 1.3.6...

9.8CVSS6.9AI score0.00488EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.8 views

CVE-2024-43275

Cross-Site Request Forgery CSRF vulnerability in xyzscripts.Com Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6...

8.8CVSS7.3AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 2:20 p.m.47 views

CVE-2025-47621

CVE-2025-47621 affects Meks Flexible Shortcodes (WordPress plugin), with stored XSS due to improper input neutralization in web page generation. Affected versions are 1.3.6 and earlier. The vulnerability was labeled patched in the Wordfence vulnerability details, indicating a fix is available, th...

6.5CVSS7.2AI score0.00209EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/16 2:22 a.m.5 views

WordPress HUSKY plugin <= 1.3.6 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin HUSKY versions = 1.3.6...

9.8CVSS8.1AI score0.19725EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/26 1:38 p.m.4 views

WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability

HTML Injection vulnerability discovered by Sandeep Vishwakarma from eSec Forte Technologies Pvt Ltd. Patchstack Alliance in WordPress Plugin WP Directory Kit versions = 1.3.6...

2.7CVSS7.1AI score0.00316EPSS
Exploits0Affected Software1
Rows per page
Query Builder