CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through = 1.5.3...

5.4CVSS5.9AI score0.00218EPSS

Exploits0References1

NVD•added 2025/06/20 3:15 p.m.•4 views

CVE-2025-50009

5.4CVSS0.00218EPSS

Exploits0References1

Cvelist•added 2025/06/20 3:4 p.m.•18 views

CVE-2025-50009 WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

5.4CVSS0.00218EPSS

Exploits0References1

CVE•added 2025/06/20 3:4 p.m.•13 views

CVE-2025-50009

CVE-2025-5009 (Kata Plus) : WordPress Kata Plus add-ons (1.5.3 and earlier) suffer a Missing Authorization/broken access control vulnerability. Root cause is incorrectly configured access control levels allowing unauthorized actions. Affected software: Kata Plus – Addons for Elementor – Widgets, ...

5.4CVSS5.9AI score0.00218EPSS

Exploits0References1

Vulnrichment•added 2025/06/20 3:4 p.m.•3 views

CVE-2025-50009 WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3...

5.4CVSS5.5AI score0.00218EPSS

Exploits0References1

CNNVD•added 2025/06/20 12:0 a.m.•1 views

WordPress plugin Kata Plus 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.4CVSS6.5AI score0.00218EPSS

Exploits0References1

Positive Technologies•added 2025/06/20 12:0 a.m.•2 views

PT-2025-26366 · Climax Themes · Climax Themes Kata Plus

Name of the Vulnerable Software and Affected Versions: Climax Themes Kata Plus versions 1.5.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For Climax Themes...

5.4CVSS6.1AI score0.00218EPSS

Exploits0References4

Patchstack•added 2025/06/19 4:30 p.m.•4 views

WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Kata Plus versions = 1.5.3...

5.4CVSS6.7AI score0.00218EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/05/23 6:17 a.m.•1 views

CVE-2024-50501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Climax Themes Kata Plus kata-plus allows DOM-Based XSS.This issue affects Kata Plus: from n/a through = 1.4.7...

6.5CVSS5.9AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2025/04/25 5:17 p.m.•4 views

CVE-2025-32572

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through = 1.5.3...

9.8CVSS7.2AI score0.00249EPSS

Exploits0References1

NVD•added 2025/04/17 4:15 p.m.•3 views

CVE-2025-32572

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through = 1.5.3...

9.8CVSS0.00249EPSS

Exploits0References1

CVE•added 2025/04/17 3:47 p.m.•44 views

CVE-2025-32572

CVE-2025-32572 is a PHP object injection flaw caused by deserialization of untrusted data in the Kata Plus WordPress plugin family (Kata Plus – Addons for Elementor – Widgets, Extensions and Templates). Affected versions range up to 1.5.2 (with CVE entries tracking up to 1.5.3 per Patchstack/Word...

9.8CVSS7.2AI score0.00249EPSS

Exploits0References1

Vulnrichment•added 2025/04/17 3:47 p.m.•3 views

CVE-2025-32572 WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2...

9.8CVSS6.9AI score0.00249EPSS

Exploits0References1

CNNVD•added 2025/04/17 12:0 a.m.•1 views

WordPress plugin Kata Plus 代码问题漏洞

9.8CVSS8.8AI score0.00249EPSS

Exploits0References1

Patchstack•added 2025/04/15 4:50 p.m.•3 views

WordPress Kata Plus Plugin <= 1.5.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin Kata Plus versions = 1.5.3...

9.8CVSS8.7AI score0.00249EPSS

Exploits0Affected Software1

NVD•added 2024/10/29 10:15 a.m.•11 views

CVE-2024-9376

The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00254EPSS

Exploits0References4

Cvelist•added 2024/10/29 9:31 a.m.•10 views

CVE-2024-9376 Kata Plus – Addons for Elementor – Widgets, Extensions and Templates <= 1.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4CVSS0.00254EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by