Lucene search
+L

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/23 9:27 a.m.8 views

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...

9.8CVSS5.8AI score0.0036EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/14 6:44 a.m.27 views

EUVD-2026-30256

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.30 views

PT-2026-40893

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 5:16 p.m.13 views

CVE-2026-24981

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...

8.8CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.31 views

CVE-2026-24981 WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...

8.8CVSS0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-27874

Name of the Vulnerable Software and Affected Versions NooTheme Visionary Core versions n/a through 1.4.9 Description An issue exists in NooTheme Visionary Core that allows for object injection due to deserialization of untrusted data. This impacts the noo-visionary-core component. Recommendations...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/27 3:1 a.m.8 views

WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability

Unauthenticated Email Exposure via wdkpublicaction vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Directory Kit versions = 1.4.9...

5.3CVSS5.9AI score0.00669EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:37 a.m.11 views

CVE-2023-23646

Cross-Site Request Forgery CSRF vulnerability in A WP Life Album Gallery – WordPress Gallery plugin = 1.4.9 versions...

8.8CVSS8.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.6 views

WordPress plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

6.5CVSS8.5AI score0.00337EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/24 9:40 a.m.6 views

WordPress Bootstrap Ultimate theme <= 1.4.9 - Unauthenticated Limited Local File Inclusion vulnerability

Unauthenticated Limited Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Theme Bootstrap Ultimate versions = 1.4.9...

9.8CVSS7AI score0.01257EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.13 views

PT-2025-2212 · WordPress · Bootstrap Ultimate

Name of the Vulnerable Software and Affected Versions: Bootstrap Ultimate theme for WordPress versions up to and including 1.4.9 Description: The issue allows unauthenticated attackers to include PHP files on the server via the path parameter, enabling the execution of any PHP code in those files...

9.8CVSS8AI score0.01257EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/07/02 2:1 a.m.8 views

WordPress Motors plugin <= 1.4.9 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin Motors versions = 1.4.9...

5.3CVSS7AI score0.0033EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/11 7:15 a.m.3 views

CVE-2023-23803

Cross-Site Request Forgery CSRF vulnerability in HasThemes JustTables plugin = 1.4.9 versions...

8.8CVSS5.8AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder