16 matches found
CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets
The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()
The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...
CVE-2025-67584 WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through = 1.4.6...
PT-2025-49958
Name of the Vulnerable Software and Affected Versions rtCamp GoDAM versions through 1.4.6 Description An authorization issue exists in rtCamp GoDAM, allowing for an incorrect configuration of access control security levels and potential unauthorized access. Recommendations Update rtCamp GoDAM to ...
CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through = 1.4.6...
CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through = 1.4.6...
CVE-2025-10140
The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-32486
CVE-2025-32486 exists in the WordPress plugin “Material Dashboard” (Hossein Material Dashboard) up to version 1.4.6. The connected documents identify an unauthenticated privilege-escalation vulnerability linked to a weak password-recovery mechanism, enabling elevation of privileges within affecte...
PT-2025-36756
Name of the Vulnerable Software and Affected Versions: Hossein Material Dashboard versions n/a through 1.4.6 Description: A weakness exists in the password recovery mechanism for forgotten passwords in Hossein Material Dashboard. This issue could allow unauthorized access to accounts...
WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Organic Beauty versions = 1.4.6...
CVE-2024-33917
Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6...
WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability
WordPress Music Press Pro plugin = 1.4.6 Broken Access Control Vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Music Press Pro versions = 1.4.6...
WordPress CarZine theme <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme CarZine versions = 1.4.6...
WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Ankit Patel in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions = 1.4.6...
CVE-2022-38067
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin = 1.4.6 at WordPress...