18 matches found
EUVD-2026-33912
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...
CVE-2026-41257
jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...
CVE-2026-39703
CVE-2026-39703 is a Stored XSS vulnerability in the WordPress plugin WPBITS Addons For Elementor Page Builder, affecting versions through 1.8.1. The issue arises from improper neutralization of input during web page generation, allowing injection of malicious scripts. Connected advisories consi...
WordPress Prowess theme <= 1.8.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Prowess versions <= 1.8.1...
CVE-2023-25445
Missing Authorization vulnerability in HappyFiles HappyFiles Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HappyFiles Pro: from n/a through 1.8.1...
PT-2025-52567
Name of the Vulnerable Software and Affected Versions: HappyFiles Pro versions through 1.8.1 Description: An authorization issue exists in HappyFiles Pro, allowing exploitation due to incorrectly configured access control security levels. This can lead to unauthorized access. Recommendations: Update...
WordPress plugin Fabrica security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
EUVD-2024-34521
Malicious code in bioql PyPI...
WordPress Bricks theme <= 1.8.1 - Cross-Site Request Forgery via save_settings vulnerability
Cross-Site Request Forgery via save_settings vulnerability discovered by Ram in WordPress Theme Bricks Builder versions <= 1.8.1...
CVE-2024-5543
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
PT-2024-25573 · Avirtum · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder
Name of the Vulnerable Software and Affected Versions: Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder. Recommendations: For Avirtum...
CVE-2021-4361
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchjobintegrationssettinsave AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on...
PT-2023-15935 · WordPress · Adsanity
Name of the Vulnerable Software and Affected Versions: AdSanity plugin for WordPress versions up to, and including, 1.8.1 Description: The issue is related to missing file type validation in the ajax upload function, allowing authenticated attackers with Contributor+ level privileges to upload...
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software: HappyFiles Pro; Type: Plugin; Vulnerable versions: <= 1.8.1; Fixed in: 1.8.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25445; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 518a5cea4b57; Credits: Dave Jong Patchstack...
PT-2023-15891 · Snoyberg · Keter
Name of the Vulnerable Software and Affected Versions: snoyberg keter versions up to 1.8.1 Description: A vulnerability has been found in snoyberg keter, classified as problematic. This issue affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross-sit...
PT-2019-11324 · Jenkins · Jenkins Octopusdeploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP...
CVE-2018-0645
MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors...
Zeta Components Mail Remote Code Execution Vulnerability
Zeta Components is a high-quality, general-purpose application development library based on PHP 5. A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...