Lucene search
K

527 matches found

EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37600

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-40748

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.26 views

CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS0.00434EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.12 views

CVE-2026-40748

CVE-2026-40748 affects the WordPress Kids Gift Shop theme (versions ≤ 0.5.4). The vulnerability is described as an Arbitrary File Upload in the Subscriber context. Public details in connected sources indicate a very high severity CVSS v3.1 score (9.9, CRITICAL) with network access, low attack com...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 12:16 p.m.11 views

CVE-2026-40750

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 10:39 a.m.29 views

CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 10:39 a.m.8 views

EUVD-2026-37065

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

9.9CVSS5.2AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 10:39 a.m.23 views

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

9.9CVSS5.3AI score0.00273EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/06/15 7:1 a.m.21 views

A week in security (June 8 &#8211; June 14)

Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...

5.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/23 7:57 a.m.10 views

Roblox clamps down on chats and age checks as legal pressure builds

Roblox has long faced criticism over child safety on its platform. Now it has started settling with state attorneys over the issue, and the total is climbing fast. On April 21, Alabama Attorney General Steve Marshall announced a $12.2 million settlement with the child-focused online gaming...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/04/20 10:34 a.m.10 views

WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...

5.8AI score0.00273EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:33 a.m.7 views

WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Gift Shop versions = 0.5.4...

5.8AI score0.00434EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/19 6:37 p.m.7 views

@kids-reporter/cms-core (>=1.0.17 <=1.0.36), @kids-reporter/draft-editor (>=1.0.19 <=1.0.36) potentially affected by CVE-2025-46720 +1 more via @keystone-6/core (=6.5.1)

@keystone-6/core NPM version =6.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/core and may be impacted: - @kids-reporter/cms-core =1.0.17, =1.0.19, =1.0.36 Source cves: CVE-2025-46720, CVE-2026-33326 Source advisory:...

4.3CVSS5.4AI score0.00257EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/23 9:16 p.m.6 views

CVE-2025-67619

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...

8.8CVSS5.4AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.3 views

CVE-2025-67619

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...

8.8CVSS0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.3 views

CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...

8.8CVSS5.9AI score0.00503EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.2 views

CVE-2025-67619

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...

8.8CVSS5.3AI score0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.17 views

CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...

8.8CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.10 views

CVE-2025-67619

CVE-2025-67619 describes a PHP object-injection via deserialization in the WordPress Kids Heaven theme (Kids Heaven: kids-world) for versions up to and including 3.2. Root cause: deserialization of untrusted data leading to object injection. Impact: high (per CVSS) across confidentiality, integri...

8.8CVSS5.4AI score0.00503EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.5 views

WordPress plugin Kids Heaven: Code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

8.8CVSS5.9AI score0.00503EPSS
Exploits0References1
Rows per page
Query Builder