Lucene search
+L

14 matches found

Patchstack
Patchstack
added 2026/01/24 5:59 p.m.9 views

WordPress Omnipress plugin <= 1.6.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin Omnipress versions = 1.6.7...

7.6CVSS5.9AI score0.00392EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.9 views

CVE-2026-24569

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through = 1.6.7...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.8 views

CVE-2026-24529

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through = 1.6.7...

5.3CVSS0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 4:51 p.m.3 views

CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7...

5.4CVSS6.6AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.7 views

CVE-2025-62093

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection.This issue affects Image FullScreen Background: from n/a through = 1.6.7...

8.5CVSS7.7AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.12 views

CVE-2025-62093

The CVE-2025-62093 entry concerns the WordPress plugin Image&Video FullScreen Background (lbg_fullscreen_fullwidth_slider) with a SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. Affected versions are 1.6.7 and earlier; the issue is present in the pl...

8.5CVSS7.3AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-49994

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image&Video FullScreen Background lbg fullscreen fullwidth slider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

7.7AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 9:15 a.m.7 views

CVE-2025-64283

Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through = 1.6.7...

6.5CVSS0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 1:35 p.m.6 views

CVE-2025-58971

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through = 1.6.7...

7.1CVSS6.4AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-58970 WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in AmentoTech Doctreat doctreat allows Code Injection.This issue affects Doctreat: from n/a through = 1.6.7...

6.3CVSS6.2AI score0.00252EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/14 9:53 p.m.7 views

WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Chazz Wolcott Patchstack in WordPress Plugin RTMKit versions = 1.6.7...

6.5CVSS7AI score0.00247EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/26 9:38 a.m.8 views

WordPress WP Delicious plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin WP Delicious versions = 1.6.7...

6.5CVSS6.1AI score0.0024EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.5 views

CVE-2024-0826

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00607EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-15845 · WordPress · Qi Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.6.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on...

6.4CVSS7.9AI score0.00607EPSS
Exploits0References7
Rows per page
Query Builder