8 matches found
CVE-2025-69104
Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...
CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...
CVE-2026-10580
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::getuserpermissions, which returns the same null sentinel f...
CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
WordPress WP Last Modified Info plugin <= 1.9.4 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by zaim in WordPress Plugin WP Last Modified Info versions = 1.9.4...
CVE-2025-25172 WordPress VidMov <= 1.9.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through = 1.9.4...
CVE-2025-25172
CVE-2025-25172 affects VidMov WordPress Theme (
PT-2024-18242 · Mediavine · Create By Mediavine Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Create by Mediavine plugin for WordPress versions up to, and including, 1.9.4 Description: The issue allows for SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation ...