23 matches found
CVE-2026-8892
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...
CVE-2025-69096 WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through = 1.5.7...
PT-2026-27806
CVE-2025-69096 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zork… https://t.co/7vIIzsCyr0...
CVE-2025-69404
Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...
CVE-2026-24534
CVE-2026-24534 describes a Missing Authorization vulnerability in the uPress Booter plugin, specifically in the booter-bots-crawlers-manager component. Affected versions are Booter up to and including 1.5.7, where incorrectly configured access control security levels can allow unauthorized action...
CVE-2026-0676
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...
CVE-2026-0676 WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...
CVE-2025-53324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through = 1.5.7...
EUVD-2025-30591
Malicious code in bioql PyPI...
CVE-2025-58223
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Taylor VoucherPress voucherpress allows Stored XSS.This issue affects VoucherPress: from n/a through = 1.5.7...
CVE-2025-58223
CVE-2025-58223 describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin VoucherPress. Affected: VoucherPress versions from n/a up to and including 1.5.7. The CVE notes an input handling issue during web page generation that enables stored XSS. The vulnerability is rated...
WordPress plugin Site Offline 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-31766
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PhotoShelter PhotoShelter for Photographers Blog Feed Plugin photoshelter-official-plugin allows Stored XSS.This issue affects PhotoShelter for Photographers Blog Feed Plugin: from n/a through =...
WordPress plugin Tube Video Ads Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2023-35051
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7...
CVE-2023-35051
Missing Authorization vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through = 1.5.7...
WordPress Meteor Slides plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Meteor Slides versions = 1.5.7...
CVE-2024-49274
Cross-Site Request Forgery CSRF vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7...
WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin VOD Infomaniak versions = 1.5.7...