17 matches found
PT-2026-34595
STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in src/init.js and...
WordPress Omnipress plugin <= 1.6.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by theviper17 in WordPress Plugin Omnipress versions <= 1.6.7...
CVE-2026-24569
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7...
CVE-2026-24529
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7...
CVE-2025-62960 WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Construction Light: from n/a through 1.6.7...
CVE-2025-62093
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection. This issue affects Image FullScreen Background: from n/a through <= 1.6.7...
CVE-2025-62093
The CVE-2025-62093 entry concerns the WordPress plugin Image&Video FullScreen Background (lbg_fullscreen_fullwidth_slider) with a SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. Affected versions are 1.6.7 and earlier; the issue is present in the pl...
PT-2025-49994
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg fullscreen fullwidth slider allows SQL Injection. This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7...
CVE-2025-64283
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RTMKit: from n/a through <= 1.6.7...
CVE-2025-58971
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS. This issue affects Doctreat: from n/a through <= 1.6.7...
CVE-2025-58970 WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AmentoTech Doctreat doctreat allows Code Injection. This issue affects Doctreat: from n/a through <= 1.6.7...
CVE-2025-51667
An issue was discovered in simple-admin-core v1.2.0 through v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations...
PT-2025-34906
Name of the Vulnerable Software and Affected Versions: simple-admin-core versions 1.2.0 through 1.6.7. Description: An issue exists in the /sys-api/role/update interface of the simple-admin-core system. This interface has a SQL injection vulnerability that may lead to partial data leakage or...
WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Chazz Wolcott (Patchstack) in WordPress Plugin RTMKit versions <= 1.6.7...
WordPress WP Delicious plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NGÔ THIÊN AN (Patchstack Alliance) in WordPress Plugin WP Delicious versions <= 1.6.7...
CVE-2024-0826
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...
PT-2024-15845 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.6.7. Description: The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on...