162 matches found
EUVD-2025-3848
Malicious code in bioql PyPI...
WordPress Ultra Addons for Contact Form 7 plugin <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via UACF7CUSTOMFIELDS Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.21...
WordPress Ultra Addons for Contact Form 7 plugin 3.5.11-3.5.19 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Sy5temFr4cture in WordPress Plugin Ultimate Addons for Contact Form 7 versions 3.5.11-3.5.19...
WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' vulnerability
Authenticated Administrator+ Arbitrary File Upload via 'saveoptions' vulnerability discovered by Ryan Kozak in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.12...
CVE-2025-49323
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
CVE-2025-49323
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
CVE-2025-49323
CVE-2025-49323 affects Hydra Booking (Themefic) for WordPress. The issue is an authenticated SQL injection in Hydra Booking
CVE-2025-49323 WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
CVE-2025-49323 WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
PT-2025-24247 · Unknown · Themefic Hydra Booking
Name of the Vulnerable Software and Affected Versions: Themefic Hydra Booking versions 1.1.10 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2024-32433
Cross-Site Request Forgery CSRF vulnerability in Themefic BEAF beaf-before-and-after-gallery.This issue affects BEAF: from n/a through = 4.5.4...
CVE-2024-29134
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.8...
CVE-2023-30493
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin = 3.2.0 versions...
CVE-2023-30495
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23...
CVE-2023-47693
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.2.6...
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server.This issue affects Instantio: from n/a through = 3.3.16...
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server.This issue affects Instantio: from n/a through = 3.3.16...
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16...
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...