Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3142

The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postvar' parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.7AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 1:48 p.m.8 views

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

8.1CVSS5.8AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 7:48 a.m.20 views

CVE-2026-4080

The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...

6.4CVSS6AI score0.00243EPSS
Exploits0References15
NVD
NVD
added 2026/03/05 6:16 a.m.10 views

CVE-2026-27386

Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through = 1.8...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.10 views

CVE-2026-22423

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 1.8...

8.1CVSS0.00504EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.3 views

CVE-2026-27386 WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through = 1.8...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.12 views

CVE-2026-27386

CVE-2026-27386 is a Missing/Broken Authorization vulnerability affecting the DesignThemes Directory Addon (WordPress plugin) with versions from n/a to 1.8. Multiple sources (NVD, Red Hat, CVE list, AttackKB, PatchStack, vuln enrichment) describe a broken access control issue enabling improper aut...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.11 views

PT-2026-4450

Name of the Vulnerable Software and Affected Versions PopCash versions prior to 1.9 Description The PopCash Code Integration Tool has a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The tool is susceptible to missing authorization...

5.3CVSS5.3AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.6 views

PT-2026-1212

Name of the Vulnerable Software and Affected Versions bg5sbk MiniCMS versions up to 1.8 Description A flaw exists in bg5sbk MiniCMS that can lead to improper authentication. The issue affects an unknown function within the Article Handler component, specifically in the file /mc-admin/post-edit.ph...

7.5CVSS5.9AI score0.00511EPSS
Exploits1References11
Patchstack
Patchstack
added 2025/12/30 10:19 a.m.6 views

WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lekker versions = 1.8...

8.1CVSS7AI score0.00327EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/08/22 11:59 a.m.10 views

CVE-2025-57891 WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpecommerce Recurring PayPal Donations recurring-donation allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through = 1.8...

5.9CVSS0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.3 views

CVE-2025-49057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through = 1.8...

7.1CVSS5.9AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:33 a.m.16 views

CVE-2025-52788

CVE-2025-52788: CaptionPix WordPress plugin

7.1CVSS5.9AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/10 7:15 p.m.10 views

CVE-2025-8735

A flaw was found in cflow. The yylex function in c.c exhibits a null pointer dereference due to manipulation, allowing a local attacker to trigger a denial of service via crafted input. This condition arises from improper handling of lexical analysis data. The resulting null pointer dereference c...

4.8CVSS4.1AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-32407 · Gnu +1 · Gnu Cflow +1

Name of the Vulnerable Software and Affected Versions: GNU cflow versions up to 1.8 Description: A critical vulnerability exists in GNU cflow up to version 1.8. The issue is located in the yylex function within the c.c file of the Lexer component and leads to a buffer overflow. Local access is...

5.3CVSS5.4AI score0.0016EPSS
Exploits0References17
Patchstack
Patchstack
added 2024/04/30 7:13 a.m.5 views

WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...

6.5CVSS6.1AI score0.00312EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/07 7:3 p.m.6 views

WordPress Slideshow Gallery LITE plugin <= 1.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Slideshow Gallery versions = 1.8...

5.3CVSS7AI score0.0047EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/03/27 2:15 p.m.4 views

CVE-2024-23510

Cross-Site Request Forgery CSRF vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8...

8.8CVSS7.3AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder