WordPress Send Users Email – Email Subscribers, Email Marketing Newsletter plugin <= 1.5.10 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Send Users Email versions = 1.5.10...

CVE-2026-33739 FOG has Stored XSS in Multiple Management Pages

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages Host, Storage, Group, Image, Printer, Snapin are vulnerable to Stored Cross-Site Scripting XSS, due to insufficient server-side parameter...

EUVD-2026-9573

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hoverex hoverex allows PHP Local File Inclusion.This issue affects Hoverex: from n/a through = 1.5.10...

CVE-2026-22452 WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hoverex hoverex allows PHP Local File Inclusion.This issue affects Hoverex: from n/a through = 1.5.10...

WordPress plugin Hoverex 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hoverex versions = 1.5.10...

CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...

CVE-2024-34477

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share because of norootsquash and insecure. In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In...

CVE-2022-0838

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10...

EUVD-2024-16199

Malicious code in bioql PyPI...

EUVD-2023-50473

Malicious code in bioql PyPI...

EUVD-2022-15884

Malicious code in bioql PyPI...

EUVD-2023-50474

Malicious code in bioql PyPI...

CVE-2025-6085

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uploadmedia' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

PT-2025-35899

Name of the Vulnerable Software and Affected Versions Make Connector versions prior to 1.5.11 Description The Make Connector plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the upload media function. This allows authenticated attackers...

WordPress plugin ShopSite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

PT-2024-35258 · Cactusthemes · Cactusthemes Gameplan

Name of the Vulnerable Software and Affected Versions: CactusThemes Gameplan versions 1.5.10 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

WordPress plugin Gameplan 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Gameplan theme <= 1.5.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Gameplan versions = 1.5.10...

CVE-2024-39300

Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings...