Lucene search
K

15 matches found

NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-56023

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10514

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS3.5AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 11:45 p.m.11 views

CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00251EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.3 views

CVE-2026-27045

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through = 1.6.2...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-69372

Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through = 1.6.2...

9.8CVSS0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.25 views

CVE-2025-69372 WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through = 1.6.2...

9.8CVSS0.00403EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/28 7:14 a.m.5 views

WordPress EmailKit plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin EmailKit versions = 1.6.2...

5.4AI score
Exploits0Affected Software1
CVE
CVE
added 2025/12/09 2:13 p.m.18 views

CVE-2025-67516

CVE-2025-67516 concerns the Store Locator WordPress plugin (Store Locator WordPress, agile-store-locator) with versions up to 1.6.2. The underlying issue is an SQL Injection vulnerability caused by improper neutralization of input used in SQL commands, described as a Blind SQL Injection in public...

8.5CVSS7.2AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:13 p.m.2 views

CVE-2025-67516 WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through = 1.6.2...

8.5CVSS7.2AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/22 6:25 p.m.1 views

CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2...

4.4CVSS6.6AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:25 p.m.10 views

CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery SSRF vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through = 1.6.2...

4.4CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 6:25 p.m.10 views

CVE-2025-53461

CVE-2025-53461 is a Server-Side Request Forgery (SSRF) vulnerability in Beaf (Beaf – Photo Comparison Block) affecting Beaf versions up to 1.6.2. The Beaf entry (Beaf

4.4CVSS5.9AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 4:15 p.m.6 views

CVE-2025-27362

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion.This issue affects Petito: from n/a through 1.6.6...

8.1CVSS0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:24 p.m.17 views

CVE-2025-26581 WordPress Picture Gallery plugin <= 1.6.3 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through = 1.6.3...

7.1CVSS0.00352EPSS
Exploits0References1
OSV
OSV
added 2021/11/29 7:15 p.m.7 views

CVE-2021-42358

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...

8.8CVSS7.4AI score0.00605EPSS
Exploits0References2
Rows per page
Query Builder