7 matches found
CVE-2026-39649
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...
WordPress Oblo Theme <= 2.2.4 is vulnerable to Local File Inclusion
Software Oblo Type Theme Vulnerable versions = 2.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 513d4a3a8bf3 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Requir...
CVE-2025-48362
Cross-Site Request Forgery CSRF vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through = 2.2.5...
CVE-2023-47849
Missing Authorization vulnerability in Blossom Themes BlossomThemes Email Newsletter blossomthemes-email-newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through = 2.2.4...
WordPress Frontend Dashboard plugin <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability
Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Dashboard versions = 2.2.4...
WordPress plugin Simple Staff List security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2023-44995
Cross-Site Request Forgery CSRF vulnerability in WP Doctor WooCommerce Login Redirect plugin = 2.2.4 versions...