Lucene search
+L

75 matches found

Patchstack
Patchstack
added 2026/05/27 1:46 p.m.11 views

WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...

8.1CVSS5.8AI score0.00348EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.12 views

CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/26 5:27 p.m.10 views

WordPress iWR Tooltip plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin iWR Tooltip versions = 1.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.4 views

CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.35 views

CVE-2026-4077 Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on the user-supplied 'id' shortcode...

6.4CVSS0.00201EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/03/10 10:29 a.m.7 views

WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme LuxeDrive versions = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/06 8:48 a.m.10 views

WordPress Amoli theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amoli versions = 1.0...

5.8AI score0.00504EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.29 views

CVE-2026-22436 WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through = 1.0...

8.1CVSS0.00504EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/25 8:25 a.m.8 views

WordPress Fiorello theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fiorello versions = 1.0...

8.1CVSS5.9AI score0.00504EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/23 3:16 p.m.15 views

CVE-2026-24624

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through = 1.0...

7.6CVSS0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:56 p.m.5 views

CVE-2026-22359 WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through = 1.0...

5.4AI score0.00133EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/10 2:46 p.m.10 views

WordPress Neoforum plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mrreee in WordPress Plugin Neoforum versions = 1.0...

7.2CVSS5.8AI score0.00309EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14028

The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...

4.4CVSS0.003EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.5 views

CVE-2025-13521 WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...

4.3CVSS5AI score0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/07 8:21 a.m.4 views

CVE-2025-13531 Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter

The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'productname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS4.7AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/31 9:30 p.m.6 views

EUVD-2025-206065

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2025/12/31 6:15 a.m.5 views

CVE-2025-49342

Cross-Site Request Forgery CSRF vulnerability in merzedes Custom Style custom-style allows Stored XSS.This issue affects Custom Style: from n/a through = 1.0...

7.1CVSS0.00094EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.7 views

PT-2025-52113

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through = 1.0...

7.1AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.3 views

CVE-2025-68083

Cross-Site Request Forgery CSRF vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through = 1.0...

5.4CVSS6.9AI score0.00099EPSS
Exploits0References1
Rows per page
Query Builder