23 matches found
CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
PT-2026-43372
A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...
CVE-2026-27087 WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through = 1.9...
CVE-2023-49760
Cross-Site Request Forgery CSRF vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9...
CVE-2025-49334
Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through = 1.7.1...
EUVD-2025-204149
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through = 1.9...
CVE-2025-58709 WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through = 1.9...
PT-2025-52056
Name of the Vulnerable Software and Affected Versions axiomthemes Legacy versions prior to 1.9 Description A flaw exists in axiomthemes Legacy related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
WordPress Torod plugin <= 1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Torod versions = 1.9...
PT-2025-44935
Name of the Vulnerable Software and Affected Versions Elegance Menu versions prior to 2.0 Description The Elegance Menu plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 1.9. An authenticated attacker with Contributor-level access or higher can exploit th...
CVE-2025-58239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandrika Sista WP Category Dropdown wp-category-dropdown allows Stored XSS.This issue affects WP Category Dropdown: from n/a through = 1.9...
CVE-2025-57978
Cross-Site Request Forgery CSRF vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery.This issue affects Advanced Appointment Booking & Scheduling: from n/a through = 2.1...
WordPress Advanced Appointment Booking & Scheduling plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Advanced Appointment Booking & Scheduling versions = 2.1...
WordPress WP Category Dropdown Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WP Category Dropdown versions = 1.9...
CVE-2025-58239
CVE-2025-58239 describes a stored cross-site scripting vulnerability in the WordPress plugin “Category Dropdown” (WP Category Dropdown) by GCS Design, affecting versions up to 1.9 (input handling during web page generation is not properly neutralized). The CVE entry notes stored XSS as the vulner...
PT-2025-38904
Name of the Vulnerable Software and Affected Versions Chandrika Sista WP Category Dropdown versions through 1.9 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-Site Scripting issue. This allows for the injection of...
WordPress Strux theme <= 1.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Strux versions = 1.9...
WordPress Invico - WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerability
WordPress Invico - WordPress Consulting Business Theme = 1.9 - Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Invico - WordPress Consulting Business Theme versions = 1.9...
WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Simple User Profile versions = 1.9...
CVE-2025-24535
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 SKT Donation skt-donation allows Reflected XSS.This issue affects SKT Donation: from n/a through = 1.9...