3 matches found
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
CVE-2025-64223
CVE-2025-64223 affects the WordPress PenNews plugin/theme and is a PHP Local File Inclusion vulnerability caused by improper control of the filename for include/require. The issue affects PenNews versions older than 6.7.3. Metrics indicate a high-severity impact (CVSS 3.1: base score 8.1) with ne...
CVE-2025-67572
CVE-2025-67572 affects the PenNews WordPress theme (PenNews) prior to version 6.7.4, due to Missing/Incorrect Authorization in access controls. The issue enables unauthorized access due to misconfigured security levels. Reported in multiple sources (Wordfence, Patchstack, CVE records) with a CVSS...