5 matches found
CVE-2026-39640
CVE-2026-39640 is a high-severity CSRF vulnerability in the WordPress Theme Editor plugin (Theme Editor) affecting versions from unspecified up to and including 3.2. The issue allows code injection/remote code execution and is rated critical (CVSS 3.1: 9.6; network attack vector, low complexity, ...
CVE-2026-2661
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be...
WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kids Heaven versions = 3.2...
CVE-2024-54226
CVE-2024-54226 describes a CSRF to Stored XSS in the WordPress plugin Country Blocker (affected versions: up to 3.2, vendor: Karl Kiesinger). The entry indicates a high-severity issue (CVSS v3.1 base score 7.1) with potential stored cross-site script execution, and in the Wordfence context the vu...
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Cookie Consent versions = 3.2...