Lucene search
K

15 matches found

Cvelist
Cvelist
added 2026/06/26 2:52 p.m.38 views

CVE-2026-56070 WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.30 views

CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label

The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-7284 Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.4 views

CVE-2026-39705

Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.13 views

CVE-2025-69365

CVE-2025-69365 is an SQL Injection vulnerability in TeconceTheme Uroan Core (uroan-core) affecting versions up to and including 1.4.4. The issue is described as a Blind SQL Injection due to improper neutralization of special elements used in SQL commands, enabling an attacker to extract data with...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2025/12/03 2:15 p.m.16 views

CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS0.0472EPSS
Exploits3References4
Cvelist
Cvelist
added 2025/12/03 1:52 p.m.29 views

CVE-2025-13390 WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS0.0472EPSS
Exploits3References4
Cvelist
Cvelist
added 2025/12/02 8:24 a.m.17 views

CVE-2025-13724 VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS0.0029EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/07 2:32 p.m.6 views

CVE-2025-58787

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Popup themify-popup allows Stored XSS.This issue affects Themify Popup: from n/a through = 1.4.2...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.4 views

CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4...

5.4CVSS7.2AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.7 views

PT-2025-33217 · Vonstroheim · Vonstroheim Thebooking

Name of the Vulnerable Software and Affected Versions: VonStroheim TheBooking versions n/a through 1.4.4 Description: TheBooking software contains a missing authorization flaw that allows access to functionality not properly constrained by Access Control Lists ACLs. Recommendations: Update...

7.3CVSS7.1AI score0.00271EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.15 views

CVE-2024-34432

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4...

6.5CVSS5.2AI score0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 3:45 p.m.7 views

CVE-2025-31068 WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4...

4.3CVSS7.2AI score0.00174EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/14 8:39 p.m.9 views

WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WooCommerce Basic Ordernumbers versions = 1.4.4...

5.4CVSS7AI score0.00393EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.13 views

PT-2023-9915 · Unknown · Xpressengine

Name of the Vulnerable Software and Affected Versions: XpressEngine versions up to 1.4.4 Description: A critical issue affects the Update Query Handler component, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information abo...

9.8CVSS7.5AI score0.00608EPSS
Exploits0References7
Rows per page
Query Builder