Lucene search
K

31 matches found

EUVD
EUVD
added 2026/06/17 12:47 p.m.7 views

EUVD-2025-210265

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.4AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/08 12:20 p.m.6 views

WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme NeoBeat versions = 1.7...

5.8AI score0.00395EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-28025

Name of the Vulnerable Software and Affected Versions Mikado-Themes Stål versions prior to 1.7 Description The software contains a flaw due to deserialization of untrusted data, which can lead to object injection. This issue impacts the Stål component. Recommendations Update Mikado-Themes Stål to...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.3 views

CVE-2026-27438

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through = 1.7...

5.9AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.1 views

CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/25 8:25 a.m.7 views

WordPress Evently theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Evently versions = 1.7...

8.1CVSS5.9AI score0.00504EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/23 6:48 a.m.7 views

WordPress Easy Author Image plugin <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via Profile Picture URL vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Author Image versions = 1.7...

6.4CVSS5.3AI score0.00152EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/20 3:46 p.m.11 views

CVE-2026-22344

CVE-2026-22344 refers to a Local File Inclusion in WordPress FiveStar theme (versions up to 1.7). The issue arises from improper handling of filenames used in PHP include/require, enabling PHP Local File Inclusion via what is described as a PHP Remote File Inclusion vulnerability in the descripti...

8.1CVSS5.6AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:26 p.m.7 views

CVE-2026-27057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

6.5CVSS5.5AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.33 views

CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

6.5CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:27 a.m.5 views

CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

6.5CVSS5.5AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.15 views

CVE-2026-22400

CVE-2026-22400 affects Mikado-Themes Holmes WordPress theme (Holmes), with vulnerable versions reported as

5.4CVSS5.4AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.2 views

CVE-2025-69095

Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through = 1.7...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.3 views

CVE-2025-69051 WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through 2.9.11...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.2 views

EUVD-2025-205712

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through = 1.7...

6.5AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2025/12/30 10:47 a.m.16 views

CVE-2025-69032

Technical details for CVE-2025-69032 are not provided in the connected documents. The initial description only notes an authorization bypass in Mikado-Themes FiveStar; no affected versions, root cause, impact, or fixes are specified. Monitor for updates.

5.4CVSS6.6AI score0.00185EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/22 2:32 p.m.13 views

CVE-2025-49960

CVE-2025-49960 affects the WordPress LeadBI Plugin (versions up to and including 1.7). Root cause: improper input handling during web page generation leading to Stored XSS. Impact: stored script execution in users’ browsers. Remediation: update to a version newer than 1.7 (mitigation aligned with...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.2 views

CVE-2025-49960 WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through = 1.7...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28339

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00249EPSS
Exploits0References1
Rows per page
Query Builder