26 matches found
CVE-2026-39576
Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...
CVE-2026-39573
CVE-2026-39573 : Unauthenticated PHP Object Injection in WordPress Mildhill theme <= 1.5. Affected component: Mildhill theme (WordPress). Root cause: PHP Object Injection vulnerability. Impact: high across confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/...
WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eventicity versions = 1.5...
WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Mildhill versions = 1.5...
CVE-2026-27439
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through = 1.5...
CVE-2026-28025
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Stargaze stargaze allows PHP Local File Inclusion.This issue affects Stargaze: from n/a through = 1.5...
CVE-2026-28025
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Stargaze stargaze allows PHP Local File Inclusion.This issue affects Stargaze: from n/a through = 1.5...
WordPress Ironfit theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ironfit versions = 1.5...
CVE-2025-27002 WordPress CountDown With Image or Video Background plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...
CVE-2025-68977
CVE-2025-68977 affects DesignThemes Portfolio Addon (designthemes-portfolio-addon) with a Stored Cross-Site Scripting vulnerability in versions up to 1.5. The Wordfence entry confirms an authenticated (Contributor+) context for exploitation, indicating the issue requires user credentials to trigg...
CVE-2025-68573
Cross-Site Request Forgery CSRF vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through = 1.5...
CVE-2025-68573 WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through = 1.5...
CVE-2025-67627 WordPress Draft Notify plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through = 1.5...
CVE-2024-37945
The CVE-2024-37945 entry concerns the WPBITS Addons For Elementor Page Builder plugin (versions
CVE-2023-28930
Cross-Site Request Forgery CSRF vulnerability in Robin Phillips Mobile Banner plugin = 1.5 versions...
WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SoundCloud Ultimate versions = 1.5...
WordPress BP Email Assign Templates Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin BP Email Assign Templates versions = 1.5...
WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Pastebin versions = 1.5...
WordPress Simple Redirection plugin <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect vulnerability
Cross-Site Request Forgery to Arbitrary Site Redirect vulnerability discovered by SOPROBRO in WordPress Plugin Simple Redirection versions = 1.5...
WordPress Quran Shortcode plugin <= 1.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Quran Shortcode versions = 1.5...