Lucene search
K

57 matches found

Cvelist
Cvelist
added 2026/06/17 12:47 p.m.31 views

CVE-2026-40756 WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.21 views

CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée = 1.4 versions...

8.1CVSS0.0032EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 3:7 p.m.13 views

WordPress jQuery Hover Footnotes plugin <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

6.4CVSS5.4AI score0.00253EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 12:41 p.m.11 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 11:9 a.m.7 views

WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Roisin versions = 1.4...

5.8AI score0.0025EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.3 views

CVE-2026-24972

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-27865

Name of the Vulnerable Software and Affected Versions Elated Listing versions n/a through 1.4 Description A missing authorization flaw exists in Elated-Themes Elated Listing eltd-listing. This issue stems from incorrectly configured access control security levels, potentially allowing unauthorize...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.14 views

PT-2026-28021

Name of the Vulnerable Software and Affected Versions Elated-Themes Leroux versions prior to 1.4 Description An issue exists in Elated-Themes Leroux that allows for object injection due to the deserialization of untrusted data. This impacts the software's ability to securely handle data input...

5.4CVSS5.9AI score0.00167EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/10 10:27 a.m.4 views

WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/05 11:17 a.m.6 views

WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gioia versions = 1.4...

5.8AI score0.00504EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/05 6:16 a.m.4 views

CVE-2026-22451

Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...

9.8CVSS0.0051EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/25 12:28 p.m.4 views

WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FixTeam versions = 1.5.0...

8.1CVSS5.9AI score0.00504EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-69306

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through = 1.4...

9.3CVSS0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 7:40 p.m.6 views

WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.4...

6.4CVSS8.3AI score0.00452EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.4 views

CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:29 p.m.4 views

CVE-2026-24631

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through = 1.4...

5.4CVSS5.9AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/23 2:29 p.m.33 views

CVE-2026-24631 WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through = 1.4...

5.4CVSS0.00185EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/13 7:32 a.m.24 views

WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brookside versions = 1.4...

6.1AI score0.002EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.4 views

CVE-2025-27004 WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Galler...

7.1CVSS6AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/31 8:0 p.m.2 views

CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

8.5CVSS7.3AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder