18 matches found
CVE-2026-3142
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postvar' parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
CVE-2026-4080
The CVE concerns the WordPress Easy Cart plugin (versions ≤ 1.8). The vulnerability is Stored Cross-Site Scripting via the add_to_cart shortcode attributes, due to insufficient input sanitization and output escaping in ectp_add_to_cart(). Specifically, sanitize_text_field() is applied to shortcod...
CVE-2026-27386
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through = 1.8...
CVE-2026-22423
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes SetSail setsail allows PHP Local File Inclusion.This issue affects SetSail: from n/a through = 1.8...
CVE-2026-27386 WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through = 1.8...
CVE-2026-27386
CVE-2026-27386 is a Missing/Broken Authorization vulnerability affecting the DesignThemes Directory Addon (WordPress plugin) with versions from n/a to 1.8. Multiple sources (NVD, Red Hat, CVE list, AttackKB, PatchStack, vuln enrichment) describe a broken access control issue enabling improper aut...
PT-2026-4450
Name of the Vulnerable Software and Affected Versions PopCash versions prior to 1.9 Description The PopCash Code Integration Tool has a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The tool is susceptible to missing authorization...
PT-2026-1212
Name of the Vulnerable Software and Affected Versions bg5sbk MiniCMS versions up to 1.8 Description A flaw exists in bg5sbk MiniCMS that can lead to improper authentication. The issue affects an unknown function within the Article Handler component, specifically in the file /mc-admin/post-edit.ph...
WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lekker versions = 1.8...
CVE-2025-57891 WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpecommerce Recurring PayPal Donations recurring-donation allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through = 1.8...
CVE-2025-49057
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through = 1.8...
CVE-2025-52788
CVE-2025-52788: CaptionPix WordPress plugin
CVE-2025-8735
A flaw was found in cflow. The yylex function in c.c exhibits a null pointer dereference due to manipulation, allowing a local attacker to trigger a denial of service via crafted input. This condition arises from improper handling of lexical analysis data. The resulting null pointer dereference c...
PT-2025-32407 · Gnu +1 · Gnu Cflow +1
Name of the Vulnerable Software and Affected Versions: GNU cflow versions up to 1.8 Description: A critical vulnerability exists in GNU cflow up to version 1.8. The issue is located in the yylex function within the c.c file of the Lexer component and leads to a buffer overflow. Local access is...
WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Eleblog – Elementor Blog And Magazine Addons versions = 1.8...
WordPress Slideshow Gallery LITE plugin <= 1.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Slideshow Gallery versions = 1.8...
CVE-2024-23510
Cross-Site Request Forgery CSRF vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8...