Lucene search
K

1229 matches found

Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-53889

Name of the Vulnerable Software and Affected Versions OTWthemes Popping Sidebars and Widgets Light versions through 1.27 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This issue could...

5.9CVSS6AI score0.00172EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

WordPress plugin Popping Sidebars and Widgets Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.9CVSS5.4AI score0.00172EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/26 6:43 a.m.8 views

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

5.9CVSS6.1AI score0.00172EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 5:22 p.m.13 views

CVE-2025-62960

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 5:15 p.m.4 views

CVE-2025-62960

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

5.4CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 4:51 p.m.3 views

CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7...

5.4CVSS6.6AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 4:51 p.m.28 views

CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Construction Light construction-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through = 1.6.7...

5.4CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 4:51 p.m.9 views

CVE-2025-62960

CVE-2025-62960 is a Missing Authorization / Broken Access Control vulnerability reported for the WordPress theme Construction Light (affected: all versions up to 1.6.7). The Red Hat, NVD, CIRCL and CVE records consistently describe a lack of proper access control, enabling exploitation due to mis...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52270

Name of the Vulnerable Software and Affected Versions Sparkle WP Construction Light versions through 1.6.7 Description A missing authorization issue exists in Sparkle WP Construction Light, allowing exploitation of incorrectly configured access control security levels. Recommendations Update...

5.4CVSS6.5AI score0.00173EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin Construction Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.4CVSS6.4AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 6:57 a.m.6 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

4.3CVSS6.9AI score0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 6:31 a.m.16 views

EUVD-2025-203030

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

4.3CVSS6.4AI score0.00102EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 6:15 a.m.22 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

4.3CVSS0.00102EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 6:0 a.m.19 views

CVE-2025-10684

CVE-2025-10684 affects the Construction Light WordPress theme prior to version 1.6.8. Multiple sources (NVD, Red Hat, CIRCL, CVE list) describe a lack of authorization and CSRF protection for an AJAX activation action, allowing any authenticated user (e.g., subscribers) to activate arbitrary func...

4.3CVSS6.5AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 6:0 a.m.41 views

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

0.00102EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 6:0 a.m.8 views

CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary...

6.5AI score0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

WordPress plugin Construction Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.6AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/25 10:25 a.m.12 views

PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library

The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...

8.8CVSS5.8AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2025/11/25 12:15 a.m.10 views

AZL-70850 CVE-2025-65018 affecting package fltk 1.3.8-1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing...

7.1CVSS6.6AI score0.00224EPSS
Exploits4References1
EUVD
EUVD
added 2025/11/12 3:4 a.m.3 views

EUVD-2025-117267

Malicious code in light-amber-eel npm...

6.6AI score
Exploits0
Rows per page
Query Builder