33 matches found
CVE-2026-22495 WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...
CVE-2026-32348
The CVE-2026-32348 entry concerns the WordPress MAS Videos plugin (masvideos) with a Missing Authorization vulnerability due to incorrectly configured access control security levels. It affects MAS Videos versions up to and including 1.3.2. The connected documents substantiate the vulnerability d...
CVE-2026-32340 WordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Business One Page business-one-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through = 1.3.2...
CVE-2025-15568
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution RCE when the router is configured with sysmode=ap. Successful exploitation results in root-level...
CVE-2026-28127
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through = 1.3.2...
WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Greenville versions = 1.3.2...
EUVD-2026-9592
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...
CVE-2026-22435
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes ElectroServ electroserv allows PHP Local File Inclusion.This issue affects ElectroServ: from n/a through = 1.3.2...
CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...
CVE-2025-69390
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...
CVE-2025-69390 WordPress Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themebon Business Template Blocks for WPBakery Visual Composer Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for...
WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions = 1.3.2...
CVE-2026-2295
CVE-2026-2295 affects the WordPress plugin “WPZOOM Addons for Elementor – Starter Templates & Widgets” up to version 1.3.2, exposing protected post titles and excerpts via an unauthenticated request to ajax_post_grid_load_more due to a missing capability check. Multiple sources (Wordfence, CVE en...
WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Gallery PhotoBlocks versions = 1.3.2...
PT-2025-50842
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the $ SERVER'PHP SELF' variable in the plugin's settings page. This...
CVE-2025-67473
Cross-Site Request Forgery CSRF vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through = 1.3.2...
EUVD-2025-34555
The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
CVE-2025-10743
CVE-2025-10743 : The WordPress Outdoor plugin (up to version 1.3.2) contains an unauthenticated SQL injection via the edit action due to insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Multiple sources confirm this vulnerability affects all versio...
WordPress Mega Elements plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer Widget vulnerability discovered by zer0gh0st in WordPress Plugin Mega Elements versions = 1.3.2...
CVE-2025-58868 WordPress SimaCookie Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through = 1.3.2...