31 matches found
EUVD-2025-210265
Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...
CVE-2026-39642
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...
WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme NeoBeat versions = 1.7...
PT-2026-28025
Name of the Vulnerable Software and Affected Versions Mikado-Themes Stål versions prior to 1.7 Description The software contains a flaw due to deserialization of untrusted data, which can lead to object injection. This issue impacts the Stål component. Recommendations Update Mikado-Themes Stål to...
CVE-2026-27438
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through = 1.7...
CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...
WordPress Evently theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Evently versions = 1.7...
WordPress Easy Author Image plugin <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Profile Picture URL vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Author Image versions = 1.7...
CVE-2026-22344
CVE-2026-22344 refers to a Local File Inclusion in WordPress FiveStar theme (versions up to 1.7). The issue arises from improper handling of filenames used in PHP include/require, enabling PHP Local File Inclusion via what is described as a PHP Remote File Inclusion vulnerability in the descripti...
CVE-2026-27057
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...
CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...
CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...
CVE-2026-22400
CVE-2026-22400 affects Mikado-Themes Holmes WordPress theme (Holmes), with vulnerable versions reported as
CVE-2025-69095
Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through = 1.7...
CVE-2025-69051 WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through 2.9.11...
EUVD-2025-205712
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through = 1.7...
CVE-2025-69032
Technical details for CVE-2025-69032 are not provided in the connected documents. The initial description only notes an authorization bypass in Mikado-Themes FiveStar; no affected versions, root cause, impact, or fixes are specified. Monitor for updates.
CVE-2025-49960
CVE-2025-49960 affects the WordPress LeadBI Plugin (versions up to and including 1.7). Root cause: improper input handling during web page generation leading to Stored XSS. Impact: stored script execution in users’ browsers. Remediation: update to a version newer than 1.7 (mitigation aligned with...
CVE-2025-49960 WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through = 1.7...
EUVD-2025-28339
Malicious code in bioql PyPI...