15 matches found
CVE-2025-69114 WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...
WordPress MaxiNet theme <= 1.2.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MaxiNet versions = 1.2.10...
CVE-2026-32431
The CVE concerns the WordPress plugin Astra Bulk Edit (Brainstorm Force) for Astra Bulk Edit, specifically the astra-bulk-edit component. It describes a DOM-based XSS introduced by improper neutralization of input during web page generation, resulting in a Cross-Site Scripting vulnerability. Affe...
CVE-2026-25422
Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through = 1.2.10...
CVE-2026-25939
Summary : FUXA is a web-based SCADA/HMI/dashboard. From v1.2.8 to v1.2.10, an authorization bypass allows an unauthenticated, remote attacker to create/modify arbitrary schedulers via the REST endpoint (notably POST/DELETE /api/scheduler), exposing connected ICS/SCADA environments to follow-on ac...
CVE-2026-25938 FUXA Unauthenticated Remote Code Execution in Node-RED Integration
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA...
CVE-2025-68003
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...
CVE-2025-68003
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...
WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Skillate versions = 1.2.10...
WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Select Graphist for Elementor Graphist for Elementor versions = 1.2.10...
CVE-2025-57321
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service DoS as the minimum consequence...
WordPress Hara theme <= 1.2.10 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Hara versions = 1.2.10...
CVE-2025-27324
CVE-2025-27324 : Reflected Cross-Site Scripting in the WordPress plugin “17TRACK for WooCommerce”
CVE-2024-35734
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...
PT-2023-28077 · Wpgens · Swifty Bar
Name of the Vulnerable Software and Affected Versions: Swifty Bar, sticky bar by WPGens plugin versions = 1.2.10 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This allows for malicious scripts to be stored on th...