Lucene search
K

44 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210258

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.11 views

CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

7.3CVSS5.8AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.6 views

CVE-2026-28030

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

8.1CVSS5.8AI score0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.33 views

CVE-2026-28030 WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

8.1CVSS0.00433EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.10 views

CVE-2026-28030

CVE-2026-28030 corresponds to a Local File Inclusion in the WordPress ThemeREX Bonbon theme (bonbon) affecting versions up to 1.6. The vulnerability arises from improper control of the filename used in PHP include/require statements, enabling LFI. The public documents confirm the affected softwar...

8.1CVSS5.9AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.3 views

CVE-2026-22351 WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through = 1.6...

7.5CVSS5.3AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.7 views

CVE-2026-24523

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

5.3CVSS5.4AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.9 views

CVE-2026-24523

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

5.3CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.37 views

CVE-2026-24523 WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

5.3CVSS0.00296EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:28 p.m.21 views

CVE-2026-24523

The CVE-2026-24523 entry concerns the WordPress WP FullCalendar plugin (versions up to and including 1.6) where embedded sensitive data is exposed to an unauthorized control sphere. The issue originates from information disclosure that enables retrieval of embedded sensitive data, affecting WP Fu...

5.3CVSS5.4AI score0.00296EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/08 1:18 p.m.8 views

WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Responsive Slider and Carousel WordPress versions = 1.6...

6.1CVSS6.1AI score0.00237EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.4 views

CVE-2025-53438

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through = 1.6...

8.1CVSS7.1AI score0.00415EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.7 views

EUVD-2025-204165

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through = 1.6...

8.2CVSS6.6AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:16 a.m.7 views

CVE-2025-58930

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through = 1.6...

8.1CVSS0.00445EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52082

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...

7.1AI score0.00415EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/17 10:41 p.m.7 views

WordPress Pie Forms for WP plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Vanh - GCSC in WordPress Plugin Drag & Drop Builder versions = 1.6...

8.1CVSS7.1AI score0.00587EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/31 11:42 a.m.24 views

CVE-2025-64368

Summary: CVE-2025-64368 affects Mikado-Themes Bard Bardwp (WordPress Bard theme plugin). The vuln is a Cross-Site Request Forgery (CSRF) in Bardwp that allows an attacker to perform actions on behalf of authenticated users. Affected: Bard versions up to and including 1.6. Root cause: insufficient...

5.4CVSS6.5AI score0.0011EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/22 3:31 p.m.5 views

EUVD-2025-35421

Cross-Site Request Forgery CSRF vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through = 1.6...

5.3CVSS6.1AI score0.00116EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/21 11:16 p.m.6 views

WordPress Playerzbr plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via URL Meta Field vulnerability discovered by Nabil Irawan in WordPress Plugin Playerzbr versions = 1.6...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-30474

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00159EPSS
Exploits0References2
Rows per page
Query Builder