30 matches found
WordPress Real Estate Pro plugin <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Real Estate Pro versions <= 1.0.9...
WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Elementra versions <= 1.0.9...
EUVD-2026-20279
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection. This issue affects Uminex: from n/a through <= 1.0.9...
CVE-2025-66139
Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Audier For Elementor: from n/a through <= 1.0.9...
WordPress Anarkali theme <= 1.0.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Anarkali versions <= 1.0.9...
PT-2025-54453
Name of the Vulnerable Software and Affected Versions: Logger for Elementor versions through 1.0.9. Description: An authorization issue exists in Logger for Elementor, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Logger for Elementor to a...
PT-2025-53891
Name of the Vulnerable Software and Affected Versions: Medicalequipment versions n/a through 1.0.9. Description: An authorization issue exists in kamleshyadav Medicalequipment medicalequipment, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update...
CVE-2025-68556
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through <= 1.0.9...
CVE-2025-10672
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach...
CVE-2025-58759
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
WordPress Auto Save Remote Images (Drafts) plugin <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Auto Save Remote Images (Drafts) versions <= 1.0.9...
TinyEnv: Missing .env file not required — may cause unexpected behavior
Impact: TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. Affected versions: - 1.0.1 → 1.0.2 ...
CVE-2025-58759 TinyEnv: Inline comments not stripped properly in .env values
TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters including or comment text...
WordPress Simplified plugin <= 1.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Simplified versions <= 1.0.11...
CVE-2023-31134
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an...
WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WooCommerce Pricing – Product Pricing versions <= 1.0.9...
CVE-2025-24549
Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta post-meta allows Reflected XSS. This issue affects Post Meta: from n/a through <= 1.0.9...
CVE-2025-24543
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9...
WordPress Files Download Delay plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Files Download Delay versions <= 1.0.9...
WordPress plugin Navayan CSV Export SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability...