Lucene search
K

92 matches found

Nuclei
Nuclei
added yesterday158 views

Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...

7.5CVSS7.1AI score0.55736EPSS
Exploits3References5
NVD
NVD
added 2026/03/31 6:16 p.m.16 views

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:52 p.m.1 views

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS5.9AI score0.00258EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 5:52 p.m.1 views

CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS5.9AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.11 views

PT-2026-29322

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

4.8CVSS5.9AI score0.00258EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.7 views

CVE-2025-60087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS5.5AI score0.00578EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-60087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS0.00578EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.22 views

CVE-2025-60087

The CVE-2025-60087 entry describes a Local File Inclusion in the WordPress plugin Extensive VC Addons for WPBakery page builder (versions up to and including 1.9.1). The root cause is improper control of filename for include/require statements in PHP, enabling LFI via PHP Include/Require operatio...

8.1CVSS5.5AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS5.5AI score0.00578EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.26 views

CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...

8.1CVSS0.00578EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21039

Name of the Vulnerable Software and Affected Versions Extensive VC Addons for WPBakery page builder versions through 1.9.1 Description A flaw exists in Extensive VC Addons for WPBakery page builder that allows for PHP Local File Inclusion due to improper control of filename for include/require...

5.4AI score0.00578EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/19 1:27 a.m.6 views

CVE-2025-62183

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS5.5AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 10:53 p.m.26 views

CVE-2025-62183 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 10:53 p.m.2 views

CVE-2025-62183

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

4.8CVSS5.5AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/17 10:53 p.m.12 views

CVE-2025-62183

CVE-2025-62183 affects Pega Platform versions 8.1.0 through 25.1.1 with a Stored Cross-site Scripting vulnerability in a user interface component. Root cause: stored XSS in a UI component. Exploitation requires an administrative user with extensive rights. Reported impact to confidentiality and i...

4.8CVSS5.5AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.6 views

EUVD-2025-203224

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...

8.1CVSS6.6AI score0.00533EPSS
Exploits0References8
NVD
NVD
added 2025/12/13 4:16 p.m.4 views

CVE-2025-14475

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...

8.1CVSS0.00533EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.22 views

CVE-2025-14475 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...

8.1CVSS0.00533EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.4 views

CVE-2025-14475 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...

8.1CVSS6.7AI score0.00533EPSS
Exploits0References7
CVE
CVE
added 2025/12/13 4:31 a.m.23 views

CVE-2025-14475

CVE-2025-14475 — Extensible VC Addons for WPBakery (WordPress) LFI via shortcode_name . The vulnerability affects the Extensible VC Addons for WPBakery Page Builder plugin up to version 1.9.1. The root cause is insufficient path normalization/validation of the user-supplied shortcode_name paramet...

8.1CVSS6.7AI score0.00533EPSS
Exploits0References7
Rows per page
Query Builder