CVE-2025-53346 WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

CVE-2025-53345

CVE-2025-53345: A Missing Authorization flaw in ThimPress Thim Core (WordPress plugin) allows arbitrary code execution when a malicious vulnerable plugin is installed, affecting Thim Core up to version 2.3.3. CVSS v3.1 metrics indicate Network attack vector, Low attack complexity, Privileges Requ...

CVE-2026-39661

CVE-2026-39661 affects the WordPress SW Core plugin (versions ≤ 1.7.18). The issue is a PHP Local File Inclusion due to improper control of the filename used in include/require (the vulnerability aligns with a PHP Remote File Inclusion pattern). The CVSS metrics indicate NETWORK attack vector, HI...

CVE-2026-39655

CVE-2026-39655 applies to WordPress Mayosis Core plugin, affected through version 5.4.7. The issue is described as a Missing Authorization (Broken Access Control) vulnerability in TeconceTheme Mayosis Core, allowing exploitation due to incorrectly configured access control security levels. CVSS v...

WordPress SW Core plugin <= 1.7.18 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SW Core versions = 1.7.18...

CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...

Unspecified Vulnerability in WordPress Plugin Listeo Core

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...

CVE-2025-14938

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...

PT-2026-30342

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo core handle dropped media" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. Thi...

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

CVE-2026-32516

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...

EUVD-2026-15876

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...

EUVD-2026-15637

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

CVE-2026-32516

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...

CVE-2026-25306

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through = 5.6.4...

CVE-2026-32516 WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...

CVE-2026-32516

CVE-2026-32516 affects the WordPress Miraculous Core Plugin (versions prior to 2.1.2). The issue is an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. The CVSSv3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L with a...

CVE-2026-32516 WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through 2.1.2...

CVE-2026-25461

CVE-2026-25461 is a Reflected Cross-Site Scripting vulnerability in Listeo Core (Purethemes Listeo-Core), affecting the Directory Plugin by Purethemes up to version 2.0.21. The provided documents identify this as a high-severity issue (CVSS v3.1: 7.1) with network access, no privileges required, ...

CVE-2026-25461 WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through = 2.0.21...