CVE-2025-69375

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

CVE-2025-69375

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

CVE-2025-69375

CVE-2025-69375 is a Local File Inclusion vulnerability in the WordPress Portfolio Builder (swp-portfolio) plugin. The issue is described as improper control of filename for include/require statements, enabling PHP Local File Inclusion. Affected versions are Portfolio Builder up to and including 1...

PT-2026-21156

Name of the Vulnerable Software and Affected Versions SolverWp Portfolio Builder versions through 1.2.5 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

WordPress plugin Portfolio Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Portfolio Builder versions = 1.2.5...

CVE-2025-1757

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...

EUVD-2024-46038

Malicious code in bioql PyPI...

EUVD-2024-43366

Malicious code in bioql PyPI...

EUVD-2024-52120

Malicious code in bioql PyPI...

CVE-2024-52486

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SolverWp Elementor Portfolio Builder portfolio-builder-elementor allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through = 1.0.0...

CVE-2024-49302

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in portfoliohub WordPress Portfolio Builder – Portfolio Gallery uber-grid allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through = 1.1.7...

CVE-2025-1757

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...

CVE-2025-1757

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...

CVE-2025-1757

CVE-2025-1757 refers to WordPress Portfolio Builder – Portfolio Gallery (Uber Grid) with Stored XSS via pfhub_portfolio and pfhub_portfolio_portfolio shortcodes in versions up to 1.1.7. The Red Hat and CIRCL entries corroborate the description. The vulnerability requires authenticated access (Con...

CVE-2025-1757 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...

WordPress plugin WordPress Portfolio Builder – Portfolio Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-13231 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update

The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addvideo' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitra...

CVE-2024-13231

CVE-2024-13231 : The WordPress Portfolio Builder – Portfolio Gallery plugin has a vulnerability in all versions up to 1.1.7 due to a missing capability check in the add_video function, enabling an unauthenticated attacker to modify data by adding arbitrary videos to any portfolio gallery. This is...