21 matches found
EUVD-2025-210353
Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...
CVE-2026-22332
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2025-69159 WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Printo = 1.11 versions...
CVE-2026-4803 Royal Addons for Elementor <= 1.7.1056 - Unauthenticated Stored Cross-Site Scripting via 'status' Parameter in wpr_update_form_action_meta
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a...
CVE-2026-39659
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through = 2.11.3...
CVE-2026-27358
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from n/a through 3.9.5...
CVE-2026-22466
Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through = 3.0.3...
CVE-2025-68494
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through = 4.11.53...
CVE-2025-66088 WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...
EUVD-2025-204134
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Rare Radio rareradio allows PHP Local File Inclusion.This issue affects Rare Radio: from n/a through = 1.0.15.1...
PT-2025-48609
The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’ attribute in all versions up to, and including, 2.2.13 due to insufficient input sanitization and...
CVE-2025-11999 Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update
The Add Multiple Marker plugin for WordPress is vulnerable to unauthorized modification of data to due to a missing capability check on the addmultiplemarkerresetmap and ammsavemapapi functions in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upda...
EUVD-2025-36028
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through = 3.0.1...
JLSEC-2025-105 FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_pa...
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645parse because allocrbspbuffer in libavcodec/h2645parse.c mishandles rbspbuffer...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from storing passwords using the unsalted MD5 hash algorithm, which could lead to an offline dictionary...
CVE-2025-58237
CVE-2025-58237: LC Wizard (Connector Wizard) for WordPress has a stored XSS in LC Wizard/Connector Wizard up to version 1.4.0 (initial cites 1.3.0). Root cause: improper input neutralization during web page generation. Affected plugin: Connector Wizard (formerly LC Wizard); vulnerability context ...
Linux Distros Unpatched Vulnerability : CVE-2022-21662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author ...
CVE-2023-30747
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPGem WooCommerce Easy Duplicate Product plugin = 0.3.0.0 versions...
PT-2024-34307 · Unknown · Fluent Forms
Name of the Vulnerable Software and Affected Versions: Fluent Forms versions up to, and including, 5.1.18 Description: The issue is related to an insufficient capability check on the verifyRequest function, allowing Form Managers with a Subscriber-level access and above to modify the Mailchimp AP...
CVE-2023-38381
Cross-Site Request Forgery CSRF vulnerability in Cyle Conoly WP-FlyBox plugin = 6.46 versions...