19 matches found
EUVD-2025-6740
Malicious code in bioql PyPI...
CVE-2025-2505
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those...
CVE-2025-2505
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those...
CVE-2025-2505
The CVE-2025-2505 entry concerns the WordPress Age Gate plugin, affected versions up to and including 3.5.3. A local PHP file inclusion via the lang parameter allows unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls and expos...
CVE-2025-2505 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those...
CVE-2025-2505 Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those...
CVE-2024-13790 MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
CVE-2024-10516
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-11952
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
CVE-2024-10516
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-10516
CVE-2024-10516 is an active vulnerability affecting the Swift Performance Lite WordPress plugin. According to connected sources, versions up to and including 2.3.7.1 are vulnerable to an unauthenticated Local PHP File Inclusion via the ajaxify parameter, enabling arbitrary PHP code execution on t...
CVE-2024-10516 Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-10516 Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.6 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...
WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities
TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public Disclosure: April 29, 2015 Vulnerabili...
Invision Power Board Local File Inclusion / SQL Injection
============================================= - Release date: December 4th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL...
Invision Power Board <= 3.0.4 LFI and <=3.0.4 and <=2.3.6 SQL Injection
No description provided by source. ============================================= - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3....
[Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GeSHi Local PHP file inclusion 1.0.7.2 Author: Maksymilian Arciemowicz cXIb8O3 .17 Date: 21.9.2005 from SECURITYREASON.COM - --- 0.Description --- GeSHi started as a mod for the phpBB forum system, to enable highlighting of more languages than the...