CVE-2026-28068

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Rhythmo rhythmo allows PHP Local File Inclusion.This issue affects Rhythmo: from n/a through = 1.3.4...

WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Estate versions = 1.3.4...

WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Felizia versions = 1.3.4...

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'title_tag' Parameter vulnerability

WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin = 1.3.4 - Unauthenticated Reflected Cross-Site Scripting via 'titletag' Parameter vulnerability discovered by WordFence in WordPress Plugin WPZOOM Addons for Elementor versions = 1.3.4...

CVE-2025-49046

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup xPromoter topbarpromoter allows Reflected XSS.This issue affects xPromoter: from n/a through = 1.3.4...

WordPress plugin xPromoter has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Plugin Institutions Directory security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress OwnID Passwordless Login plugin <= 1.3.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OwnID Passwordless Login versions = 1.3.4...

CVE-2025-10493 Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other...

CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware

DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...

CVE-2025-58196

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.4...

WordPress plugin UiCore Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-39377 WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Appsero Helper appsero-helper allows SQL Injection.This issue affects Appsero Helper: from n/a through = 1.3.4...

crmeb_java 代码问题漏洞

crmebjava is a CRMEB open source Java mall system. A code issue vulnerability exists in crmebjava 1.3.4 and prior versions, which originates from an XML external entity reference and could allow a remote attacker to access sensitive information...

CVE-2025-22639

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Techspawn Distance Rate Shipping for WooCommerce distance-rate-shipping-for-woocommerce-pro allows Blind SQL Injection.This issue affects Distance Rate Shipping for WooCommerce: from n/a through =...

PT-2025-6952 · Woocommerce · Distance Rate Shipping For Woocommerce

Name of the Vulnerable Software and Affected Versions: Distance Rate Shipping for WooCommerce versions 1.3.4 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL...

WordPress plugin Social Rocket 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-37450

Cross-Site Request Forgery CSRF vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through = 1.3.4...

WordPress plugin IMS Countdown 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-34034 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress plugins versions 1.3.4 through 3.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library due to insufficient input sanitization and output escaping on user-supplied...