Lucene search
K

269 matches found

Nuclei
Nuclei
added yesterday36 views

Visualizer <3.3.1 - Blind Server-Side Request Forgery

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. id: CVE-2019-16932 info: name: Visualizer 3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to...

10CVSS7AI score0.39137EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday74 views

WordPress Visualizer <3.3.1 - Cross-Site Scripting

WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard...

6.1CVSS6.6AI score0.03342EPSS
Exploits2References5
NVD
NVD
added 2 days ago5 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-61970

The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are &lt;= 5.0.4 (reported as from n/a through

4.9CVSS6.1AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:34 p.m.7 views

EUVD-2026-39398

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS5.4AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42749

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.4AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:43 a.m.10 views

EUVD-2025-210035

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:43 a.m.47 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45718

Name of the Vulnerable Software and Affected Versions Themeisle Masteriyo LMS PRO versions prior to 2.20.1 Description Incorrect Privilege Assignment in Themeisle Masteriyo LMS PRO allows for Privilege Escalation, a condition where a user can gain higher levels of access or permissions than they...

9.8CVSS5.4AI score0.00275EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 11:16 a.m.25 views

CVE-2026-42749

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.25 views

CVE-2026-42749

CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43658

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 1:16 p.m.13 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 12:54 p.m.6 views

CVE-2026-24573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:54 p.m.11 views

EUVD-2026-31099

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 12:54 p.m.11 views

CVE-2026-24573

The CVE-2026-24573 entry affects the WordPress Visualizer plugin prior to version 4.0.0. The issue is a Stored XSS (Improper Neutralization of Input During Web Page Generation) in the Visualizer component, enabling an attacker-supplied payload to be stored and rendered in the affected pages. Affe...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42150

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15689

Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...

9.9CVSS5.8AI score0.00311EPSS
Exploits0References2
Rows per page
Query Builder