CVE-2026-28010 WordPress Scientia theme <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through = 1.2.4...

CVE-2026-24566

CVE-2026-24566 corresponds to a Missing Authorization / broken access control vulnerability in the WordPress plugin iNET Webkit (inet-webkit), affected up to version 1.2.4. The connected sources describe an authorization/configuration flaw that could allow improper access control to sensitive fun...

WordPress plugin Element Invader has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-53350

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webjunk Calendar Plus calendar-plus allows Reflected XSS.This issue affects Calendar Plus: from n/a through = 1.2.4...

CVE-2025-58006

Technical details for CVE-2025-58006 are not provided in the supplied connected documents. No product/version/impact/fix data is present here; monitor for official advisories and updates.

CVE-2025-58681

CVE-2025-58681 involves a Missing Authorization vulnerability in the WordPress plugin Easy Quotes. Evidence from the CVE entry indicates affected software: Easy Quotes versions from n/a through 1.2.4, with an access-control misconfiguration allowing unauthorized actions due to incorrectly configu...

CVE-2025-53244

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine Elite magazine-elite allows PHP Local File Inclusion.This issue affects Magazine Elite: from n/a through = 1.2.4...

CVE-2025-7827 Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the niwoocpraction function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2023-28174

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in eLightUp eRocket plugin = 1.2.4 versions...

WordPress plugin Maps for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin LeaderBoard 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

PT-2024-33279 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue concerns improper input validation in the ZimaOS API endpoint http:///v3/file?token=&files=, allowing authenticated users to read sensitive system files by manipulating the files...

PT-2024-33482 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...

Exploit for CVE-2024-9821

CVE-2024-9821 Bot for Telegram on WooCommerce = 1.2.4 - Au...

PT-2024-32558 · Kraftplugins · Kraftplugins Mega Elements

Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.2.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting XSS vulnerability. This allows for stored XSS...

WordPress Amelia plugin <= 1.2.4 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Nadim Zubidat in WordPress Plugin Amelia versions = 1.2.4...

WordPress plugin Serious Slider 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2024-24030 · Unknown · Pagelayer Popularfx

Name of the Vulnerable Software and Affected Versions: Pagelayer PopularFX versions 1.2.4 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Pagelayer PopularFX. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions...

Stupid Simple CMS Security Vulnerability

Stupid Simple CMS is a content management system by codelyfe individual developer. A security vulnerability exists in Stupid Simple CMS 1.2.4 and earlier versions, which stems from a path traversal vulnerability in the file /file-manager/rename.php...

PT-2023-32849 · Unknown · Codelyfe Stupid Simple Cms

Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the software, affecting some unknown functionality of the file /file-manager/rename.php. The manipulation of the newName argument leads to path...