Lucene search
+L

78 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 5:42 p.m.38 views

CVE-2026-57737 WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta LTD Shortcodes and extra features for Phlox theme allows DOM-Based XSS. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.16...

6.5CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.12 views

CVE-2026-32526

CVE-2026-32526 affects the WordPress plugin VillaTheme Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), version range: = 1.1.11) or apply vendor-provided fixes where available. Documentation in connected sources consistently identifies this as a Stored XSS affecting the plug...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 8:33 a.m.6 views

CVE-2026-28132

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

5.3CVSS5.4AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.7 views

CVE-2025-15096

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

8.8CVSS5.7AI score0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:49 a.m.5 views

CVE-2025-15096

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

8.8CVSS5.7AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 9:49 a.m.22 views

CVE-2025-15096

The CVE-2025-15096 entry covers the WordPress plugin Videospirecore Theme Plugin, vulnerable in all versions up to 1.0.6. The issue stems from improper identity validation when updating user details (e.g., email), allowing an authenticated attacker with Subscriber-level access or higher to change...

8.8CVSS5.7AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.13 views

WordPress plugin Videospirecore Theme Plugin 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/02 6:48 a.m.12 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...

6.4CVSS7.3AI score0.00321EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 4:10 a.m.7 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Modern Heading Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.13...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.7 views

PT-2026-1695

Name of the Vulnerable Software and Affected Versions Phlox Theme Plugin for WordPress versions prior to 2.17.14 Description The Shortcodes and extra features for Phlox theme plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs due to insufficient input sanitization and...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/01/06 6:36 a.m.26 views

CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

5.3CVSS0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32103

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00531EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-50447

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17105

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00404EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-17141

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-25634

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00714EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-49217

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00363EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2024-50979

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/28 12:36 p.m.1 views

CVE-2025-48325 WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0...

7.1CVSS7AI score0.00118EPSS
Exploits0References1
Rows per page
Query Builder