30 matches found
CVE-2026-40761
Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...
CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2026-39554
CVE-2026-39554 concerns WordPress Theme Fidalgo (versions
EUVD-2026-36981
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-39639 WordPress RPS Include Content plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through = 1.2.2...
EUVD-2026-15882
Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through = 1.2.2...
CVE-2026-32377 WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through = 1.2.2...
CVE-2026-27098
Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through = 1.2.2...
CVE-2026-22374
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through = 1.2.2...
CVE-2026-24948
CVE-2026-24948 is a reflected XSS vulnerability in the WordPress plugin Reflector (fox-themes Reflector reflector-plugins) affecting versions up to and including 1.2.2. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sources in connec...
CVE-2026-24948 WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through = 1.2.2...
CVE-2026-22374
CVE-2026-22374 affects the WordPress Zio Alberto theme (versions
WordPress Zio Alberto theme <= 1.2.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zio Alberto versions = 1.2.2...
EUVD-2025-204121
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through = 1.2.2...
CVE-2025-63063 WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...
PT-2025-50063
Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...
CVE-2025-60217
CVE-2025-60217 describes a path traversal vulnerability in WordPress PT Luxa Addons (pt-luxa-addons) affecting versions up to 1.2.2. Multiple sources (NVD, Red Hat, CVE List, CNNVD, EUVD, vulnrichment, Patchstack) concur that improper restriction of pathname access enables path traversal, with Pa...
CVE-2025-58819
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...
CVE-2024-32093
Cross-Site Request Forgery CSRF vulnerability in Nose Graze Novelist.This issue affects Novelist: from n/a through 1.2.2...
CVE-2025-30566
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aryan Themes Clink clink allows DOM-Based XSS.This issue affects Clink: from n/a through = 1.2.2...