Lucene search
K

33 matches found

Cvelist
Cvelist
added 2026/03/25 4:14 p.m.32 views

CVE-2026-22495 WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...

8.1CVSS0.00504EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:41 a.m.9 views

CVE-2026-32348

The CVE-2026-32348 entry concerns the WordPress MAS Videos plugin (masvideos) with a Missing Authorization vulnerability due to incorrectly configured access control security levels. It affects MAS Videos versions up to and including 1.3.2. The connected documents substantiate the vulnerability d...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:41 a.m.27 views

CVE-2026-32340 WordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through = 1.3.2...

5.3CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/03/09 5:16 p.m.6 views

CVE-2025-15568

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution RCE when the router is configured with sysmode=ap. Successful exploitation results in root-level...

8.5CVSS0.01441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.11 views

CVE-2026-28127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through = 1.3.2...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/05 11:15 a.m.6 views

WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Greenville versions = 1.3.2...

5.8AI score0.00504EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/05 6:30 a.m.4 views

EUVD-2026-9592

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...

5.9AI score0.0051EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.4 views

CVE-2026-22435

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes ElectroServ electroserv allows PHP Local File Inclusion.This issue affects ElectroServ: from n/a through = 1.3.2...

8.1CVSS0.00504EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.30 views

CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...

9.8CVSS0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-69390

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...

7.1CVSS5.5AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.5 views

CVE-2025-69390 WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...

7.1CVSS5.3AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/18 6:19 a.m.5 views

WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions = 1.3.2...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/11 9:27 a.m.29 views

CVE-2026-2295

CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/26 7:14 a.m.5 views

WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Gallery PhotoBlocks versions = 1.3.2...

6.5CVSS5.9AI score0.00129EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.9 views

PT-2025-50842

The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable in the plugin's settings page. This...

6.1CVSS5.7AI score0.00212EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-67473

Cross-Site Request Forgery CSRF vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through = 1.3.2...

4.3CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 8:25 a.m.6 views

EUVD-2025-34555

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS6.3AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 2025/10/15 8:25 a.m.24 views

CVE-2025-10743

CVE-2025-10743 : The WordPress Outdoor plugin (up to version 1.3.2) contains an unauthenticated SQL injection via the edit action due to insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Multiple sources confirm this vulnerability affects all versio...

7.5CVSS6.4AI score0.0035EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/25 11:34 p.m.4 views

WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...

6.4CVSS5.5AI score0.00222EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.14 views

CVE-2025-58868 WordPress SimaCookie Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through = 1.3.2...

6.5CVSS0.00154EPSS
Exploits0References1
Rows per page
Query Builder