14 matches found
CVE-2026-54845
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
CVE-2026-54845
Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...
WordPress plugin Hostinger Reach 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-25009
CVE-2026-25009 is a Missing Authorization vulnerability in Education Zone WordPress Theme. Affected software: Education Zone versions up to and including 1.3.8 (no details on earlier/other variants provided). Root cause: insufficient access control configuration allowing unauthorized actions on p...
CVE-2026-32436
Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through = 1.3.8...
CVE-2025-53454
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through = 1.3.8...
WordPress Enhanced BibliPlug plugin <= 1.3.8 - Authenticated (Contirbutor+) Stored Cross-Site Scripting vulnerability
Authenticated Contirbutor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Enhanced BibliPlug versions = 1.3.8...
CVE-2025-9855
CVE-2025-9855 : The Enhanced BibliPlug WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to and including 1.3.8 due to insufficient input sanitization and output escaping of user-supplied attributes in the shortcode bibliplug_authors. Exploitation requires authentic...
WordPress Pixeline's Email Protector Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Pixelines Email Protector versions = 1.3.8...
WordPress Diza theme <= 1.3.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Diza versions = 1.3.8...
WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AyeCode Connect versions = 1.3.8...
PT-2024-27334 · WordPress · Elementor Forms Plugin +2
Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to, and including, 1.3.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping...
CVE-2023-32587
Cross-Site Request Forgery CSRF vulnerability in WP Reactions, LLC WP Reactions Lite plugin = 1.3.8 versions...
CVE-2022-25615
Cross-Site Request Forgery CSRF in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress plugin = 1.3.8 allows cache deletion...