6 matches found
CVE-2025-8900
CVE-2025-8900: The Doccure Core WordPress plugin is vulnerable to unauthenticated privilege escalation in versions up to but not including 1.5.4. The flaw allows users registering new accounts to set their own role (via the user_type field), enabling an unauthenticated attacker to create an admi...
CVE-2025-7808 WP Shopify < 1.5.4 - Reflected XSS
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
VulnCheck KEV: CVE-2015-8351
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...
Roundcube Webmail Cross-Site Scripting Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.4.14, versions prior to 1.5.4, and versions prior to 1.6.3, which stems from a...
PT-2021-16195 · WordPress · Flat Preloader
Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.4 Description: The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change...
DEBIAN-CVE-2012-6685
Nokogiri before 1.5.4 is vulnerable to XXE attacks...