196 matches found
CVE-2025-58210 WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through = 1.8.5...
CVE-2025-58210
CVE-2025-58210 describes a Missing Authorization issue in the ThemeMove Makeaholic WordPress theme. The vulnerability affects Makeaholic versions up to and including 1.8.5, stemming from incorrectly configured access control that allows unauthorized access. Multiple connected sources corroborate ...
CVE-2025-54716
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through = 1.8.5...
Linux Distros Unpatched Vulnerability : CVE-2020-25201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft...
CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through = 1.8.5...
PT-2025-35070
Name of the Vulnerable Software and Affected Versions: ovatheme Ireca versions through 1.8.5 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations...
WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ireca versions = 1.8.5...
WordPress Makeaholic Theme <= 1.8.5 is vulnerable to Broken Access Control
Software Makeaholic Type Theme Vulnerable versions = 1.8.5 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de9323d56155 Credits Tran Nguyen Bao Khanh VCI - VNPT...
CVE-2024-48249
Wavelog 1.8.5 allows Gridmapmodel.php getbandconfirmed SQL injection via band, sat, propagation, or mode...
CVE-2024-34426
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5...
CVE-2024-48251
Wavelog 1.8.5 allows Activatedgridmapmodel.php getbandconfirmed SQL injection via band, sat, propagation, or mode...
CVE-2023-35875
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5...
CVE-2023-46617
Cross-Site Request Forgery CSRF vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5...
CVE-2022-47155
Cross-Site Request Forgery CSRF vulnerability in Supsystic Slider by Supsystic plugin = 1.8.5 versions...
CVE-2020-21049
An invalid read in the stbimage.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service DOS via a crafted PSD file...
CVE-2025-48256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes Import Social Events allows Stored XSS. This issue affects Import Social Events: from n/a through 1.8.5...
CVE-2025-48256 WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Xylus Themes Import Social Events import-facebook-events allows Stored XSS.This issue affects Import Social Events: from n/a through = 1.8.5...
WordPress plugin Import Social Events 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
SUSE CVE-2025-25196
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...
CVE-2024-13568
The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...