100 matches found
CVE-2025-63078
The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) <= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions <= 2.1.0...
CVE-2026-54838
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions...
PT-2026-50105
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions...
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions <= 2.7.8...
PT-2026-47074
Name of the Vulnerable Software and Affected Versions: WP User Manager – User Profile Builder & Membership versions prior to 2.9.18. Description: The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...
PT-2026-44208
The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-8873
The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions <= 2.4.1...
CVE-2026-6579 liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-40744
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue affects Beaver Builder: from n/a through <= 2.10.1.2...
CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection. This issue affects Amelia: from n/a through <= 2.1.1...
Exploit for CVE-2026-5465
CVE-2026-5465: Privilege Escalation in the Amelia WordPress Plugin...
PT-2026-27870
Name of the Vulnerable Software and Affected Versions: NooTheme Organici Library versions through 2.1.2. Description: The NooTheme Organici Library contains a flaw related to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection issue. This allows for...
CVE-2026-3584
CVE-2026-3584 – WordPress Kali Forms
CVE-2026-4240 Open5GS CCA smf_s6b_sta_cb denial of service
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may...
EUVD-2026-9755
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSliderperpetuummobile allows Reflected XSS. This issue affects UberSlider PerpetuumMobile: from n/a through <= 2.3...
CVE-2026-28099
CVE-2026-28099 refers to LambertGroup UberSlider Ultra (uberSlider_ultra) for WordPress. It is a Reflected XSS affecting UberSlider Ultra versions up to 2.3. The CVE notes improper neutralization of input during web page generation, enabling cross-site scripting. From the provided metrics, the CV...
CVE-2026-28086
CVE-2026-28086 describes a Local File Inclusion in ThemeREX Run Gran (WordPress theme) versions up to and including 2.0, caused by Improper Control of Filename for Include/Require in PHP. The vulnerability allows an attacker to abuse include/require filename handling to access local files on the ...
CVE-2025-54001 WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection. This issue affects Classter: from n/a through <= 2.5...