EUVD-2026-31296

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

CVE-2026-39593 WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

CVE-2026-39593

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10...

PT-2026-42491

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions prior to 1.0.11 Description A missing authorization issue in VillaTheme HAPPY allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to version 1.0.11 or later...

EUVD-2026-22892

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

CVE-2026-32526 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.10...

CVE-2026-32526 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.10...

CVE-2026-28132

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

PT-2026-22134

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

CVE-2025-67977

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...

CVE-2025-67977

CVE-2025-67977 describes a Missing Authorization vulnerability in the WordPress plugin “HAPPY – Helpdesk Support Ticket System” (versions up to and including 1.0.8). According to Red Hat/NVD/CVE records, the flaw is a Broken Access Control via incorrectly configured access levels, enabling unauth...

PT-2026-21050

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions through 1.0.8 Description The software contains a missing authorization flaw due to incorrectly configured access control security levels. This allows for potential exploitation. Recommendations Update VillaTheme HAPP...

CVE-2026-27052

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

PT-2026-20760

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

CVE-2025-68556

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.9...

CVE-2025-68550

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from n/a through = 1.1.13...

CVE-2025-68556

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9...