CVE-2026-25395

CVE-2026-25395 – WordPress Business Roy theme

CVE-2026-25395 WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through = 1.1.4...

CVE-2026-25395 WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through = 1.1.4...

[SECURITY] Fedora 42 Update: fvwm3-1.1.4-4.fc42

Fvwm is a window manager for X11. It is designed to minimize memory consumption, provide a 3D look to window frames, and implement a virtual desktop...

WordPress plugin Business Roy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-20728

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through = 1.1.4...

CVE-2025-6792 One to one user Chat by WPGuppy <= 1.1.4 - Unauthenticated Information Disclosure via Chat Message Interception

The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to...

CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-68838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

CVE-2025-68838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

CVE-2025-68838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

CVE-2025-68838 WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through = 1.1.4...

PT-2026-4084

Name of the Vulnerable Software and Affected Versions MemberPress Discord Addon versions through 1.1.4 Description The MemberPress Discord Addon contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This issue could...

WordPress plugin MemberPress Discord Addon: Cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php...

CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048

CVE-2025-31048 affects WordPress plugin/theme Shopo (Themify Shopo) up to version 1.1.4, with an Unrestricted Upload of File with Dangerous Type vulnerability that can permit uploading a web shell to the server. The issue is described across multiple sources (NVD/Red Hat entries and Patchstack), ...

CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

PT-2026-1030

Name of the Vulnerable Software and Affected Versions go-sonic versions up to 1.1.4 Description A server-side request forgery issue exists in the Theme Fetching API of go-sonic. The flaw is located in the FetchTheme function within the service/theme/git fetcher.go file. Manipulation of the uri...