19 matches found
CVE-2026-1559
The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkinplaceid' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2026-4808 Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload
The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moveUploadedFile function in all versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...
CVE-2025-69307 WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...
CVE-2025-69038
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through = 1.3.6...
CVE-2025-69038
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through = 1.3.6...
WordPress Hyori theme <= 1.3.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Hyori versions = 1.3.6...
CVE-2025-60190 WordPress Immocaster WordPress Plugin plugin <= 1.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion.This issue affects Immocaster WordPress Plugin: from n/a through = 1.3.6...
EUVD-2025-36037
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.6...
CVE-2025-62902
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through = 1.3.8...
CVE-2025-62966 WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through = 1.3.6...
PT-2025-36538
Name of the Vulnerable Software and Affected Versions: SiempreCMS versions prior to 1.3.7 Description: A vulnerability was identified in SiempreCMS that allows for unrestricted file upload through manipulation of unknown code within the /docs/admin/file upload.php file. The attack can be launched...
CVE-2025-58205
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.3.6...
CVE-2025-58192 WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through = 1.3.6...
WordPress Starbelly <= 1.3.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Starbelly versions = 1.3.6...
CVE-2024-43275
Cross-Site Request Forgery CSRF vulnerability in xyzscripts.Com Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6...
CVE-2025-47621
CVE-2025-47621 affects Meks Flexible Shortcodes (WordPress plugin), with stored XSS due to improper input neutralization in web page generation. Affected versions are 1.3.6 and earlier. The vulnerability was labeled patched in the Wordfence vulnerability details, indicating a fix is available, th...
WordPress HUSKY plugin <= 1.3.6 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin HUSKY versions = 1.3.6...
WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability
HTML Injection vulnerability discovered by Sandeep Vishwakarma from eSec Forte Technologies Pvt Ltd. Patchstack Alliance in WordPress Plugin WP Directory Kit versions = 1.3.6...