93 matches found
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341 NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is affected by CVE-2026-5341, with a Stored Cross-Site Scripting flaw in the strava_nmr_connect shortcode across all versions up to 1.0.14. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an...
CVE-2026-5341 NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-5341
The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stravanmrconnect shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-38903
Name of the Vulnerable Software and Affected Versions NMR Strava activities plugin for WordPress versions prior to 1.0.15 Description Insufficient input sanitization and output escaping on user supplied attributes in the strava nmr connect shortcode allow authenticated attackers with...
WordPress NMR Strava activities plugin <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin NMR Strava activities versions = 1.0.14...
Astra Linux - уязвимость в libde265
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derivecombinedbipredictivemergingcandidates function at motion.cc...
CVE-2026-28097
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Artrium: from n/a through = 1.0.14...
EUVD-2026-9674
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through = 1.0.14...
CVE-2026-28097 WordPress Artrium theme <= 1.0.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Artrium: from n/a through = 1.0.14...
CVE-2026-28097
CVE-2026-28097 is a reported Local File Inclusion vulnerability in the WordPress ThemeArtrium (ThemeREX) up to version 1.0.14. The issue stems from improper control of the filename used in PHP Include/Require, enabling potential PHP local file access. The CVSS v3.1 base score is 8.1 (High) with N...
CVE-2026-28012
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through = 1.0.14...
CVE-2026-28012 WordPress Gridiron theme <= 1.0.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through = 1.0.14...
CVE-2026-28012
CVE-2026-28012 is a Local File Inclusion vulnerability in WordPress Theme Gridiron (Gridiron) up to version <= 1.0.14. The issue arises from improper control of the filename for include/require in the PHP program, enabling LFI. Public sources in the Connected documents confirm the affected pro...
PT-2026-23294
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through = 1.0.14...
WordPress plugin Artrium 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-23372
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Artrium: from n/a through = 1.0.14...
PT-2026-23286
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through = 1.0.14...
WordPress plugin Lingvico 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...