CVE-2026-25352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

WordPress Speedup Optimization plugin <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'speedup01_enabled' AJAX Action vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification via 'speedup01enabled' AJAX Action vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Speedup Optimization versions = 1.5.9...

EUVD-2026-13995

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...

CVE-2026-4127

The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...

WordPress plugin Speedup Optimization 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-69294

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-69294

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

WordPress plugin PeakShops 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

PT-2026-6602

Name of the Vulnerable Software and Affected Versions ChestnutCMS versions prior to 1.5.9 Description An issue allows a remote attacker to execute arbitrary code via the template creation function. Recommendations Update to version 1.5.9 or later...

WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions = 1.5.9...

CVE-2022-0753

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9...

CVE-2022-0752

Cross-site Scripting XSS - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9...

CVE-2020-12840

ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php...

WordPress plugin SiteGround Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-8605

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-8605

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

EUVD-2025-197942

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-8605 Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block

The Gutenify – Visual Site Builder Blocks & Site Templates. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-8605

CVE-2025-8605 affects the WordPress Gutenify – Visual Site Builder Blocks & Site Templates plugin. Connected sources confirm a Stored Cross-Site Scripting vulnerability in all versions up to 1.5.9 due to insufficient input sanitization and output escaping on user-supplied block attributes. Exploi...

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability

WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin = 1.5.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Count Up block vulnerability discovered by zer0gh0st in WordPress Plugin Gutenify versions = 1.5.9...