Lucene search
K

193 matches found

Patchstack
Patchstack
added 2026/04/16 12:49 a.m.5 views

WordPress Livemesh Addons by Elementor plugin <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability

Authenticated Contributor+ Local File Inclusion via Widget Template Parameter vulnerability discovered by Webbernaut in WordPress Plugin Livemesh Addons for Elementor versions = 9.0...

8.8CVSS5.8AI score0.00816EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33275

Name of the Vulnerable Software and Affected Versions Livemesh Addons for Elementor versions prior to 9.1 Description The plugin is subject to Local File Inclusion due to insufficient sanitization of the template name parameter within the lae get template part function. The implementation uses an...

8.8CVSS5.6AI score0.00816EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/14 10:56 p.m.5 views

EUVD-2026-22804

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

7.2CVSS6AI score0.00731EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.14 views

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

7.2CVSS6AI score0.00731EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.7 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.5AI score0.00452EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 6:31 p.m.8 views

EUVD-2026-12851

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References5
NVD
NVD
added 2026/03/18 5:16 p.m.7 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS0.00452EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 4:26 p.m.2 views

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 4:26 p.m.3 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 4:26 p.m.18 views

CVE-2026-1463

CVE-2026-1463 affects the WordPress plugin “NextGEN Gallery” (Photo Gallery, Sliders, Proofing and Themes). Description: Local File Inclusion via the template parameter in gallery shortcodes is possible in all versions up to 4.0.3. Exploitation requires authenticated access at Author level or hig...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 4:26 p.m.23 views

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS0.00452EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.11 views

PT-2026-26087

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.5AI score0.00452EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/02/18 1:28 p.m.6 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS5.7AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/18 8:42 a.m.6 views

WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability

Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions = 5.0.10...

7.2CVSS5.5AI score0.00236EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/17 10:15 a.m.8 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/17 9:26 a.m.5 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS5.7AI score0.00236EPSS
Exploits0References5
CVE
CVE
added 2026/02/17 9:26 a.m.16 views

CVE-2026-1216

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the template parameter in all versions up to and including 5.0.10, due to insufficient input sanitization and output escaping on user-supplied attributes. Unauthenticated attackers can trick a user into cl...

7.2CVSS5.7AI score0.00236EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/17 9:26 a.m.3 views

CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS5.7AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/17 9:26 a.m.35 views

CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...

7.2CVSS0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-8400

Name of the Vulnerable Software and Affected Versions RSS Aggregator plugin for WordPress versions up to and including 5.0.10 Description The RSS Aggregator plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

7.2CVSS5.5AI score0.00236EPSS
Exploits0References10
Rows per page
Query Builder