PT-2026-45753

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

EUVD-2026-32068

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

CVE-2026-8868

The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...

CVE-2026-8868 Single Mailchimp <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes autocomplete, label,...

WordPress plugin Single Mailchimp 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Social & Mobile Color Notes 安全漏洞

Social & Mobile Color Notes is a note application developed by Social & Mobile that supports text recording, task management, and color categorization. Version 1.4 of Social & Mobile Color Notes contains a security vulnerability. This vulnerability stems from a denial-of-service issue, which coul...

CVE-2026-6710

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaAppsAdminAppPage function. This makes it possible for unauthenticated attackers to trick a site...

CVE-2026-6710

The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaAppsAdminAppPage function. This makes it possible for unauthenticated attackers to trick a site...

WordPress Skysa Text Ticker App plugin <= 1.4 - Cross-Site Request Forgery to Settings Modification vulnerability

Cross-Site Request Forgery to Settings Modification vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Skysa Text Ticker App versions = 1.4...

CVE-2026-38669

CVE-2026-38669 affects wCMS v1.4 and is described as a Cross Site Scripting (XSS) vulnerability when creating a new blog. The connected sources confirm the product/version and the XSS impact, with a CVSS v3.1 base score of 6.1 (Medium) and user interaction required. The documents do not provide r...

WCMS 跨站脚本漏洞

WCMS is a content management system CMS developed by Vedegis for individual users. Version wCMS v.1.4 has a cross-site scripting vulnerability, which stems from cross-site scripting attacks when creating new blogs...

CVE-2026-38669

wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...

PT-2026-36832

wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...

CVE-2026-6294

CVE-2026-6294 concerns the WordPress plugin Google PageRank Display (versions ≤ 1.4). The root cause is missing nonce validation in gpdisplay_option(), with the settings form lacking wp_nonce_field() and the handler not calling check_admin_referer() or wp_verify_nonce() before processing POST req...

WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme LuxeDrive versions = 1.4...

WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WaveRide versions = 1.4...

RHSA-2026:6268 Red Hat Security Advisory: 389-ds:1.4 security update

Bulletin has no description...

CVE-2026-22509

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...

EUVD-2026-15861

Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through 1.4...