44 matches found
EUVD-2025-210258
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-28030
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...
CVE-2026-28030 WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...
CVE-2026-28030
CVE-2026-28030 corresponds to a Local File Inclusion in the WordPress ThemeREX Bonbon theme (bonbon) affecting versions up to 1.6. The vulnerability arises from improper control of the filename used in PHP include/require statements, enabling LFI. The public documents confirm the affected softwar...
CVE-2026-22351 WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through = 1.6...
CVE-2026-24523
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...
CVE-2026-24523
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...
CVE-2026-24523 WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...
CVE-2026-24523
The CVE-2026-24523 entry concerns the WordPress WP FullCalendar plugin (versions up to and including 1.6) where embedded sensitive data is exposed to an unauthorized control sphere. The issue originates from information disclosure that enables retrieval of embedded sensitive data, affecting WP Fu...
WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Magic Responsive Slider and Carousel WordPress versions = 1.6...
CVE-2025-53438
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through = 1.6...
EUVD-2025-204165
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through = 1.6...
CVE-2025-58930
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through = 1.6...
PT-2025-52082
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...
WordPress Pie Forms for WP plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Vanh - GCSC in WordPress Plugin Drag & Drop Builder versions = 1.6...
CVE-2025-64368
Summary: CVE-2025-64368 affects Mikado-Themes Bard Bardwp (WordPress Bard theme plugin). The vuln is a Cross-Site Request Forgery (CSRF) in Bardwp that allows an attacker to perform actions on behalf of authenticated users. Affected: Bard versions up to and including 1.6. Root cause: insufficient...
EUVD-2025-35421
Cross-Site Request Forgery CSRF vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through = 1.6...
WordPress Playerzbr plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Meta Field vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via URL Meta Field vulnerability discovered by Nabil Irawan in WordPress Plugin Playerzbr versions = 1.6...
EUVD-2025-30474
Malicious code in bioql PyPI...