Lucene search
+L

21 matches found

Patchstack
Patchstack
added 2026/07/09 1:58 p.m.5 views

WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...

9.3CVSS6.1AI score0.0025EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:46 p.m.34 views

CVE-2026-24618 WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

4.3CVSS0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.12 views

CVE-2026-24588

Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through = 1.5.4...

4.3CVSS5.3AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.2 views

CVE-2026-24588 WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through = 1.5.4...

4.3CVSS5.4AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/18 6:29 a.m.8 views

WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Smart Product Viewer versions = 1.5.4...

4.3CVSS5.3AI score0.00235EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/12/16 8:13 a.m.37 views

CVE-2025-68079 WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...

6.5CVSS0.00135EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/11 8:43 p.m.7 views

WordPress Better Elementor Addons plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Better Elementor Addons versions = 1.5.5...

6.4CVSS5.3AI score0.00203EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.6 views

CVE-2025-12646

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6.8AI score0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 12:31 p.m.7 views

CVE-2025-11632 Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00246EPSS
Exploits0References7
CVE
CVE
added 2025/08/15 2:24 a.m.32 views

CVE-2025-6025

CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...

7.5CVSS7AI score0.00456EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.4 views

CVE-2024-10621

The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pwmap shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00336EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/28 7:32 p.m.6 views

WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability

Path Traversal vulnerability discovered by Falgun Patel in WordPress Plugin Bit Assist versions = 1.5.4...

7.5CVSS7AI score0.00512EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.7 views

PT-2025-4554 · Unknown · Faaiq Pretty Url

Name of the Vulnerable Software and Affected Versions: Faaiq Pretty Url versions 1.5.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. Recommendations: For versions 1.5.4 and earlier, update to a version that fixes this...

4.3CVSS7AI score0.00185EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/06 12:7 p.m.3 views

WordPress Food Store plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin Food Store – Online Food Delivery & Pickup versions = 1.5.4...

7.1CVSS6.1AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 10:40 p.m.7 views

WordPress Top Store theme <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability

Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Theme Top Store versions = 1.5.4...

8.8CVSS7.1AI score0.01146EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/07/12 9:15 a.m.5 views

CVE-2024-6353

The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'searchvalue' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

6.5CVSS5.9AI score0.00512EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/07/12 6:46 a.m.6 views

WordPress Wallet for WooCommerce plugin <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' vulnerability

Authenticated Subscriber+ SQL Injection via 'searchvalue' vulnerability discovered by 1337Wannabe in WordPress Plugin TeraWallet – For WooCommerce versions = 1.5.4...

8.8CVSS8.1AI score0.00512EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/11/06 10:15 a.m.7 views

CVE-2023-46823

A vulnerability in Avirtum ImageLinks Interactive Image Builder imagelinks-interactive-image-builder-lite.This issue affects ImageLinks Interactive Image Builder: from n/a through = 1.5.4...

7.6CVSS7AI score0.008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/16 12:0 a.m.8 views

PT-2023-20717 · Amember · Amember

Name of the Vulnerable Software and Affected Versions: asMember plugin versions = 1.5.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For asMember plugin versions = 1.5.4, update ...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2023/05/22 10:15 a.m.3 views

CVE-2022-44739

Cross-Site Request Forgery CSRF vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin = 1.5.4 versions...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder