21 matches found
WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...
CVE-2026-24618 WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...
CVE-2026-24588
Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through = 1.5.4...
CVE-2026-24588 WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through = 1.5.4...
WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Smart Product Viewer versions = 1.5.4...
CVE-2025-68079 WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through = 1.5.4...
WordPress Better Elementor Addons plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Better Elementor Addons versions = 1.5.5...
CVE-2025-12646
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11632 Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions
The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with...
CVE-2025-6025
CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...
CVE-2024-10621
The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pwmap shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by Falgun Patel in WordPress Plugin Bit Assist versions = 1.5.4...
PT-2025-4554 · Unknown · Faaiq Pretty Url
Name of the Vulnerable Software and Affected Versions: Faaiq Pretty Url versions 1.5.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. Recommendations: For versions 1.5.4 and earlier, update to a version that fixes this...
WordPress Food Store plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana in WordPress Plugin Food Store – Online Food Delivery & Pickup versions = 1.5.4...
WordPress Top Store theme <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability
Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Theme Top Store versions = 1.5.4...
CVE-2024-6353
The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'searchvalue' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
WordPress Wallet for WooCommerce plugin <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' vulnerability
Authenticated Subscriber+ SQL Injection via 'searchvalue' vulnerability discovered by 1337Wannabe in WordPress Plugin TeraWallet – For WooCommerce versions = 1.5.4...
CVE-2023-46823
A vulnerability in Avirtum ImageLinks Interactive Image Builder imagelinks-interactive-image-builder-lite.This issue affects ImageLinks Interactive Image Builder: from n/a through = 1.5.4...
PT-2023-20717 · Amember · Amember
Name of the Vulnerable Software and Affected Versions: asMember plugin versions = 1.5.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For asMember plugin versions = 1.5.4, update ...
CVE-2022-44739
Cross-Site Request Forgery CSRF vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin = 1.5.4 versions...