377 matches found
WordPress Houzez Theme - Functionality Plugin <= 4.1.2 - Arbitrary File Download Vulnerability
WordPress Houzez Theme - Functionality Plugin = 4.1.2 - Arbitrary File Download Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Houzez Theme - Functionality versions = 4.1.2...
CVE-2025-39886 bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()
In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allowspinning=false path in bpftimerinit Currently, calling bpfmapkmallocnode from bpfasyncinit can cause various locking issues; see the following stack trace edited for style as one example: ... 10.011566...
WordPress Anubia Theme <= 1.0.14 is vulnerable to Local File Inclusion
Software Anubia Type Theme Vulnerable versions = 1.0.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID b5ed4e6dec35 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Doccure Theme <= 1.4.8 is vulnerable to Arbitrary File Upload
Software Doccure Type Theme Vulnerable versions = 1.4.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-9113 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a390d4c607ad Credits IstvĂĄn MĂĄrton Required privilege Unauthenticated...
WordPress AI ANN Theme <= 1.1.0 is vulnerable to Local File Inclusion
Software AI ANN Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID db0cdc544b6f Credits Bonds Required privilege Unauthenticated Published 8...
WordPress Samadhi Theme <= 1.0.13 is vulnerable to Local File Inclusion
Software Samadhi Type Theme Vulnerable versions = 1.0.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bf8a42958bd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Pin WP Theme < 7.2 is vulnerable to Arbitrary File Upload
Software Pin WP Type Theme Vulnerable versions 7.2 Fixed in 7.2 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2025-53251 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 85f8a3209836 Credits Bonds Required privilege Subscriber Published 27 August...
WordPress Wptobe-memberships plugin <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Wptobe-memberships versions = 3.4.2...
WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Anhchangmutrang in WordPress Plugin Rankie versions 1.8.2...
WordPress Workreap plugin <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media' vulnerability
Authenticated Subscriber+ Arbitrary File Upload via 'workreaptempuploadtomedia' vulnerability discovered by Foxyyy in WordPress Plugin Workreap theme's plugin versions = 3.3.2...
WordPress Ruza Theme <= 1.0.7 is vulnerable to Local File Inclusion
Software Ruza Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49255 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 6bd5103cfe41 Credits Phat RiO - BlueRock Required privilege...
WordPress Zota Theme <= 1.3.8 is vulnerable to Local File Inclusion
Software Zota Type Theme Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49257 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 511b31ea918b Credits Phat RiO - BlueRock Required privilege...
WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by PhĂșc ton luoi in WordPress Plugin WPCHURCH versions = 2.7.0...
WordPress Minterio Theme <= 1.4.0 is vulnerable to Local File Inclusion
Software Minterio Type Theme Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 004a498a9b2a Credits Bonds Required privilege Unauthenticated Publish...
WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin MapSVG versions 8.6.13...
WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Bus Ticket Booking with Seat Reservation for WooCommerce versions = 1.7...
WordPress Oxpitan Theme <= 1.3.1 is vulnerable to Local File Inclusion
Software Oxpitan Type Theme Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-32294 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 95fea536d9dc Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress UiPress lite plugin <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution vulnerability
Authenticated Subscriber+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin UiPress lite versions = 3.5.07...
WordPress Opal Woo Custom Product Variation plugin <= 1.2.0 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by timomangcut in WordPress Plugin Opal Woo Custom Product Variation versions = 1.2.0...
WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WPFunnels versions = 3.5.18...