997 matches found
CVE-2026-22364 WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...
CVE-2026-22361
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through = 1.0.2...
WordPress plugin SevenTrees 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Redy 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-21207
Name of the Vulnerable Software and Affected Versions axiomthemes SevenTrees versions through 1.0.2 Description The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files within t...
PT-2026-21204
Name of the Vulnerable Software and Affected Versions axiomthemes A-Mart versions through 1.0.2 Description A flaw exists in axiomthemes A-Mart that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue could allow an attacker to includ...
CVE-2026-2282
The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2025-14167 Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR || instead of AND &&, causing the validation to fail when the nonce field is not empty OR when...
WordPress plugin Remove Post Type Slug 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20639
Name of the Vulnerable Software and Affected Versions Slidorion versions up to and including 1.0.2 Description The Slidorion plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers...
PT-2026-21300
Name of the Vulnerable Software and Affected Versions @langchain/langgraph-checkpoint-redis versions prior to 1.0.2 Description A query injection issue exists in the RedisSaver and ShallowRedisSaver classes of the @langchain/langgraph-checkpoint-redis package. These classes build RediSearch queri...
GHSA-PPFX-73J5-FHXC Skill-scanner Unsecured Network Binding Vulnerability
Description: A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of service DoS condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...
Server-side Request Forgery (SSRF)
Overview cisco-ai-skill-scanner is a Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to its APIs binding to 0.0.0.0. If the API server is enabled, ...
WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Redy versions = 1.0.2...
CVE-2026-1905
CVE-2026-1905 : WordFence and Patchstack document a stored cross-site scripting vulnerability in the WordPress Sphere Manager plugin. The issue arises from insufficient input sanitization and output escaping in the width attribute of the show_sphere_image shortcode, affecting versions up to and i...
CVE-2026-1932 Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification
The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers t...
PT-2026-8045
The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...
PT-2026-7484
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn label' parameter in the 'orbisius random name generator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes i...
WordPress Orbisius Random Name Generator plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'btnlabel' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Orbisius Random Name Generator versions = 1.0.2...