CVE-2026-1988 Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the flexipsgcarousel shortcode. This is due to the theme parameter being directly concatenated into a file path without proper sanitization ...

CVE-2026-1988 Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the flexipsgcarousel shortcode. This is due to the theme parameter being directly concatenated into a file path without proper sanitization ...

CVE-2026-1988

The WordPress plugin Flexi Product Slider and Grid for WooCommerce (versions ≤ 1.0.5) has an Authenticated (Contributor+) Local File Inclusion vulnerability exploitable via the 'theme' shortcode attribute. Root cause: Local File Inclusion in the shortcode handling. Impact: potential access to loc...

EUVD-2025-24997

Malicious code in bioql PyPI...

CVE-2025-8905

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the themesectionshortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...

PT-2025-33467 · WordPress · Inpersttion For Theme

Name of the Vulnerable Software and Affected Versions: Inpersttion For Theme plugin for WordPress versions prior to 1.0 Description: The Inpersttion For Theme plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 1.0 via the theme section shortcode function...