7 matches found

RedhatCVE
added 2025/12/18 11:36 p.m. | 2 views

CVE-2023-53921

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...

CVSS 9.8 | AI score 8.7 | EPSS 0.00456
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-59251

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.4 | EPSS 0.00822
Exploits: 0 | References: 2
ATTACKERKB
added 2024/09/13 3:15 p.m. | 1 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

CVSS 7.2 | AI score 6 | EPSS 0.01063
Exploits: 0 | References: 3
OSV
added 2024/05/02 5:15 p.m. | 2 views

CVE-2023-7064

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 | AI score 6
Exploits: 0 | References: 2
Cvelist
added 2024/05/02 4:52 p.m. | 9 views

CVE-2023-7064 Shortcodes and extra features for Phlox theme <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possibl...

CVSS 7.5 | AI score 7.8 | EPSS 0.00822
Exploits: 0 | References: 5
CVE
added 2024/05/02 4:52 p.m. | 64 views

CVE-2023-7064

The CVE-2023-7064 entry concerns the WordPress plugin Shortcodes and extra features for Phlox theme (auxin-elements). It describes a PHP Object Injection vulnerability via deserialization of untrusted input from the vulnerable id parameter in the function auxin_template_control_importer, affectin...

CVSS 7.5 | AI score 6.1 | EPSS 0.00822
Exploits: 0 | References: 5 | Affected Software: 1
WPVulnDB
added 2024/04/16 12:0 a.m. | 15 views

Shortcodes and extra features for Phlox theme <= 2.15.2 - Subscriber+ PHP Object Injection

Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inje...

CVSS 7.5 | AI score 7.1 | EPSS 0.00822
Exploits: 0 | References: 1