Lucene search
K

30 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.18 views

CVE-2026-40761

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.28 views

CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

9.9CVSS0.00447EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.10 views

CVE-2026-39554

CVE-2026-39554 concerns WordPress Theme Fidalgo (versions

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36981

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

10CVSS5.2AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.24 views

CVE-2026-39639 WordPress RPS Include Content plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through = 1.2.2...

6.5CVSS0.00233EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.11 views

EUVD-2026-15882

Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through = 1.2.2...

5.8AI score0.00345EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32377 WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through = 1.2.2...

5.8AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.7 views

CVE-2026-27098

Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through = 1.2.2...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.6 views

CVE-2026-22374

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through = 1.2.2...

8.1CVSS5.5AI score0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.28 views

CVE-2026-24948

CVE-2026-24948 is a reflected XSS vulnerability in the WordPress plugin Reflector (fox-themes Reflector reflector-plugins) affecting versions up to and including 1.2.2. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sources in connec...

7.1CVSS5.5AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.26 views

CVE-2026-24948 WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through = 1.2.2...

7.1CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.15 views

CVE-2026-22374

CVE-2026-22374 affects the WordPress Zio Alberto theme (versions

8.1CVSS5.6AI score0.00334EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 8:11 a.m.6 views

WordPress Zio Alberto theme <= 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zio Alberto versions = 1.2.2...

8.1CVSS5.5AI score0.00334EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/12/18 9:30 a.m.3 views

EUVD-2025-204121

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through = 1.2.2...

8.1CVSS6.6AI score0.00415EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.23 views

CVE-2025-63063 WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

5.3CVSS0.00364EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50063

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

7AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 2:32 p.m.10 views

CVE-2025-60217

CVE-2025-60217 describes a path traversal vulnerability in WordPress PT Luxa Addons (pt-luxa-addons) affecting versions up to 1.2.2. Multiple sources (NVD, Red Hat, CVE List, CNNVD, EUVD, vulnrichment, Patchstack) concur that improper restriction of pathname access enables path traversal, with Pa...

7.7CVSS6.5AI score0.00391EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 2:15 p.m.5 views

CVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

9.1CVSS0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.7 views

CVE-2024-32093

Cross-Site Request Forgery CSRF vulnerability in Nose Graze Novelist.This issue affects Novelist: from n/a through 1.2.2...

5.4CVSS5.1AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 2:15 p.m.3 views

CVE-2025-30566

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aryan Themes Clink clink allows DOM-Based XSS.This issue affects Clink: from n/a through = 1.2.2...

6.5CVSS0.00322EPSS
Exploits0References1
Rows per page
Query Builder