14 matches found
CVE-2026-57756
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.9...
EUVD-2026-30256
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
PT-2026-40893
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...
CVE-2026-24981
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...
CVE-2026-24981 WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...
PT-2026-27874
Name of the Vulnerable Software and Affected Versions NooTheme Visionary Core versions n/a through 1.4.9 Description An issue exists in NooTheme Visionary Core that allows for object injection due to deserialization of untrusted data. This impacts the noo-visionary-core component. Recommendations...
WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability
Unauthenticated Email Exposure via wdkpublicaction vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Directory Kit versions = 1.4.9...
CVE-2023-23646
Cross-Site Request Forgery CSRF vulnerability in A WP Life Album Gallery – WordPress Gallery plugin = 1.4.9 versions...
WordPress plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress Bootstrap Ultimate theme <= 1.4.9 - Unauthenticated Limited Local File Inclusion vulnerability
Unauthenticated Limited Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Theme Bootstrap Ultimate versions = 1.4.9...
PT-2025-2212 · WordPress · Bootstrap Ultimate
Name of the Vulnerable Software and Affected Versions: Bootstrap Ultimate theme for WordPress versions up to and including 1.4.9 Description: The issue allows unauthenticated attackers to include PHP files on the server via the path parameter, enabling the execution of any PHP code in those files...
WordPress Motors plugin <= 1.4.9 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin Motors versions = 1.4.9...
CVE-2023-23803
Cross-Site Request Forgery CSRF vulnerability in HasThemes JustTables plugin = 1.4.9 versions...