Lucene search
K

23 matches found

NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2025-60230

Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...

9.8CVSS0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43372

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS4.1AI score0.00282EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-27087 WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through = 1.9...

7.1CVSS0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.4 views

CVE-2023-49760

Cross-Site Request Forgery CSRF vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9...

8.8CVSS8.5AI score0.00264EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/31 3:25 p.m.5 views

CVE-2025-49334

Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through = 1.7.1...

5.3CVSS5.1AI score0.00203EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/18 7:21 a.m.4 views

EUVD-2025-204149

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through = 1.9...

8.2CVSS6.6AI score0.00415EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:21 a.m.2 views

CVE-2025-58709 WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through = 1.9...

8.1CVSS6.7AI score0.00415EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.2 views

PT-2025-52056

Name of the Vulnerable Software and Affected Versions axiomthemes Legacy versions prior to 1.9 Description A flaw exists in axiomthemes Legacy related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

8.1CVSS6.6AI score0.00415EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/04 10:59 p.m.6 views

WordPress Torod plugin <= 1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Torod versions = 1.9...

4.3CVSS6.7AI score0.00129EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.12 views

PT-2025-44935

Name of the Vulnerable Software and Affected Versions Elegance Menu versions prior to 2.0 Description The Elegance Menu plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 1.9. An authenticated attacker with Contributor-level access or higher can exploit th...

7.5CVSS6.7AI score0.00564EPSS
Exploits0References5
NVD
NVD
added 2025/09/22 7:16 p.m.3 views

CVE-2025-58239

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through = 1.9...

6.5CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 7:15 p.m.4 views

CVE-2025-57978

Cross-Site Request Forgery CSRF vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery.This issue affects Advanced Appointment Booking & Scheduling: from n/a through = 2.1...

4.3CVSS0.00139EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 7:3 p.m.5 views

WordPress Advanced Appointment Booking & Scheduling plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Advanced Appointment Booking & Scheduling versions = 2.1...

4.3CVSS6.8AI score0.00139EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/09/22 6:49 p.m.5 views

WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WP Category Dropdown versions = 1.9...

6.5CVSS6AI score0.00258EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/09/22 6:23 p.m.13 views

CVE-2025-58239

CVE-2025-58239 describes a stored cross-site scripting vulnerability in the WordPress plugin “Category Dropdown” (WP Category Dropdown) by GCS Design, affecting versions up to 1.9 (input handling during web page generation is not properly neutralized). The CVE entry notes stored XSS as the vulner...

6.5CVSS5.9AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.5 views

PT-2025-38904

Name of the Vulnerable Software and Affected Versions Chandrika Sista WP Category Dropdown versions through 1.9 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-Site Scripting issue. This allows for the injection of...

6.5CVSS5.9AI score0.00258EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/05 11:0 a.m.3 views

WordPress Strux theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Strux versions = 1.9...

8.1CVSS7AI score0.00445EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/07/07 12:1 p.m.6 views

WordPress Invico - WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerability

WordPress Invico - WordPress Consulting Business Theme = 1.9 - Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Invico - WordPress Consulting Business Theme versions = 1.9...

7.1CVSS6.2AI score0.00235EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/02/03 4:12 p.m.3 views

WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Simple User Profile versions = 1.9...

7.1CVSS6.2AI score0.00137EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/31 9:15 a.m.6 views

CVE-2025-24535

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Donation skt-donation allows Reflected XSS.This issue affects SKT Donation: from n/a through = 1.9...

7.1CVSS0.00241EPSS
Exploits0References1
Rows per page
Query Builder