Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 12:29 p.m.9 views

CVE-2026-3425 RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Local File Inclusion via 'path'

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 12:29 p.m.45 views

CVE-2026-3425 RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Local File Inclusion via 'path'

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS0.00625EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:29 p.m.7 views

CVE-2026-3425

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/07/05 12:0 a.m.5 views

The vulnerability of the `call_user_func` function in the LearnPress plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the calluserfunc function in the LearnPress plugin of the WordPress content management system is related to the lack of data cleansing at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through getcontent...

8.1CVSS8.2AI score0.08544EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/01/11 9:15 a.m.2 views

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

9.8CVSS6.3AI score0.08544EPSS
Exploits1References2
Prion
Prion
added 2022/12/27 1:15 p.m.22 views

Cross site request forgery (csrf)

A vulnerability was found in moodle-blocksitenews 1.0. It has been classified as problematic. This affects the function getcontent of the file blocksitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able ...

4.3CVSS6.5AI score0.00311EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder