Lucene search
+L

26 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2025-63079

Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...

4.3CVSS0.00197EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:51 p.m.7 views

WordPress Live Copy Paste for Elementor plugin <= 1.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Live Copy Paste for Elementor versions = 1.5.4...

4.3CVSS5.8AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/07 11:16 a.m.7 views

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Event Tickets Manager for WooCommerce versions = 1.5.3...

5.9AI score0.00246EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/25 1:25 a.m.9 views

EUVD-2026-15181

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 1:25 a.m.12 views

CVE-2026-4766 Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta

The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.3 views

CVE-2026-28060 WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...

8.1CVSS5.9AI score0.00415EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28060

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...

5.9AI score0.00415EPSS
Exploits0References2
NVD
NVD
added 2026/02/19 9:16 a.m.4 views

CVE-2026-25004

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through = 1.5.3...

5.9CVSS5.9AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 8:25 a.m.7 views

EUVD-2026-5511

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS5.8AI score0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.4 views

CVE-2025-64272 WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Retrieve Embedded Sensitive Data.This issue affects Email marketing for WordPress by GetResponse Official: from...

6.5CVSS6.4AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/22 3:31 p.m.5 views

EUVD-2025-35476

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Globalis MultiSite Clone Duplicator multisite-clone-duplicator allows Reflected XSS.This issue affects MultiSite Clone Duplicator: from n/a through = 1.5.3...

5.9AI score0.00235EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/25 1:27 p.m.7 views

WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Email marketing for WordPress by GetResponse Official versions = 1.5.3...

7.5CVSS7AI score0.00181EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/08 1:30 p.m.4 views

WordPress Accalia Theme <= 1.5.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Accalia versions = 1.5.3...

8.1CVSS6.9AI score0.00649EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/08 12:0 a.m.4 views

WordPress Accalia Theme <= 1.5.3 is vulnerable to Local File Inclusion

Software Accalia Type Theme Vulnerable versions = 1.5.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c9c28aa34cba Credits Bonds Required privilege Unauthenticated Published ...

8.1CVSS7.6AI score0.00649EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/05 2:16 p.m.14 views

CVE-2025-58862

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Stored XSS.This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through = 1.5...

6.5CVSS0.00154EPSS
Exploits0References1
NVD
NVD
added 2025/08/31 4:15 a.m.4 views

CVE-2024-32589

Missing Authorization vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through = 1.5.3...

7.1CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/28 12:37 p.m.3 views

CVE-2025-49387 WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3...

10CVSS6.3AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.18 views

CVE-2025-25092 WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through = 1.5.3...

7.1CVSS0.00352EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/03 4:12 p.m.5 views

WordPress All push notification for WP plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin All push notification for WP versions = 1.5.3...

7.1CVSS6.1AI score0.00352EPSS
Exploits0Affected Software1
Rows per page
Query Builder