15 matches found
CVE-2026-56070 WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...
CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-7284 Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...
CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2025-69365
CVE-2025-69365 is an SQL Injection vulnerability in TeconceTheme Uroan Core (uroan-core) affecting versions up to and including 1.4.4. The issue is described as a Blind SQL Injection due to improper neutralization of special elements used in SQL commands, enabling an attacker to extract data with...
CVE-2025-13390
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...
CVE-2025-13390 WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...
CVE-2025-13724 VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-58787
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Popup themify-popup allows Stored XSS.This issue affects Themify Popup: from n/a through = 1.4.2...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4...
PT-2025-33217 · Vonstroheim · Vonstroheim Thebooking
Name of the Vulnerable Software and Affected Versions: VonStroheim TheBooking versions n/a through 1.4.4 Description: TheBooking software contains a missing authorization flaw that allows access to functionality not properly constrained by Access Control Lists ACLs. Recommendations: Update...
CVE-2024-34432
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.4.4...
CVE-2025-31068 WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4...
WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WooCommerce Basic Ordernumbers versions = 1.4.4...
PT-2023-9915 · Unknown · Xpressengine
Name of the Vulnerable Software and Affected Versions: XpressEngine versions up to 1.4.4 Description: A critical issue affects the Update Query Handler component, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information abo...