75 matches found
WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...
CVE-2026-8845 Islamic Database <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user-supplied 'width' and 'height' shortcode attributes within th...
WordPress iWR Tooltip plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin iWR Tooltip versions = 1.0...
CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through = 1.0...
CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through = 1.0...
CVE-2026-4077 Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'ecover' shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on the user-supplied 'id' shortcode...
WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme LuxeDrive versions = 1.0...
WordPress Amoli theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amoli versions = 1.0...
CVE-2026-22436 WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through = 1.0...
WordPress Fiorello theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fiorello versions = 1.0...
CVE-2026-24624
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through = 1.0...
CVE-2026-22359 WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through = 1.0...
WordPress Neoforum plugin <= 1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mrreee in WordPress Plugin Neoforum versions = 1.0...
CVE-2025-14028
The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2025-13521 WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update
The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...
CVE-2025-13531 Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter
The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'productname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-206065
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0...
CVE-2025-49342
Cross-Site Request Forgery CSRF vulnerability in merzedes Custom Style custom-style allows Stored XSS.This issue affects Custom Style: from n/a through = 1.0...
PT-2025-52113
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through = 1.0...
CVE-2025-68083
Cross-Site Request Forgery CSRF vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through = 1.0...