Lucene search
+L

16 matches found

Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/11 3:44 a.m.30 views

CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.2 views

CVE-2025-67584 WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through = 1.4.6...

6.6AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-49958

Name of the Vulnerable Software and Affected Versions rtCamp GoDAM versions through 1.4.6 Description An authorization issue exists in rtCamp GoDAM, allowing for an incorrect configuration of access control security levels and potential unauthorized access. Recommendations Update rtCamp GoDAM to ...

5.3CVSS6.5AI score0.00194EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/02 11:20 a.m.4 views

CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS6.2AI score0.00268EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 12:29 p.m.7 views

CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through = 1.4.6...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 12:29 p.m.28 views

CVE-2025-66077 WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through = 1.4.6...

5.3CVSS0.00227EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 9:15 a.m.7 views

CVE-2025-10140

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00271EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 4:25 p.m.31 views

CVE-2025-32486

CVE-2025-32486 exists in the WordPress plugin “Material Dashboard” (Hossein Material Dashboard) up to version 1.4.6. The connected documents identify an unauthenticated privilege-escalation vulnerability linked to a weak password-recovery mechanism, enabling elevation of privileges within affecte...

9.8CVSS7.2AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.10 views

PT-2025-36756

Name of the Vulnerable Software and Affected Versions: Hossein Material Dashboard versions n/a through 1.4.6 Description: A weakness exists in the password recovery mechanism for forgotten passwords in Hossein Material Dashboard. This issue could allow unauthorized access to accounts...

9.8CVSS8.6AI score0.00319EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/21 11:38 a.m.5 views

WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Organic Beauty versions = 1.4.6...

5.9CVSS7.2AI score0.00469EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:48 a.m.8 views

CVE-2024-33917

Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6...

5.3CVSS7AI score0.00414EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 1:3 p.m.8 views

WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability

WordPress Music Press Pro plugin = 1.4.6 Broken Access Control Vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Music Press Pro versions = 1.4.6...

5.3CVSS6.9AI score0.00346EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/18 12:0 a.m.4 views

WordPress CarZine theme <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme CarZine versions = 1.4.6...

7.1CVSS6.1AI score0.00191EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/05 3:52 a.m.6 views

WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Ankit Patel in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions = 1.4.6...

4.3CVSS6.9AI score0.00403EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/09 3:15 p.m.6 views

CVE-2022-38067

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin = 1.4.6 at WordPress...

5.3CVSS5.8AI score0.00555EPSS
Exploits0References2
Rows per page
Query Builder