10 matches found
CVE-2026-5229
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...
PT-2026-23727
Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...
CVE-2026-28077
CVE-2026-28077 is a Local File Inclusion vulnerability in the WordPress ThemeREX Vapester theme ( Vapester ) affecting versions up to 1.1.10. The issue is described as Improper Control of Filename for Include/Require Statement in PHP, i.e., a PHP Remote File Inclusion capability that effectively ...
WordPress Ozisti theme <= 1.1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Ozisti versions = 1.1.10...
WordPress plugin Palladio 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2025-60191 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...
PT-2024-29445 · Emi · Emi
Name of the Vulnerable Software and Affected Versions: EMI versions 1.1.10 and before Description: The issue is related to an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Specifically, it is a failure to validate slot index and decrement stack count in the E...
PT-2021-10761 · Npm · Express-Cart
Name of the Vulnerable Software and Affected Versions: Express cart versions 1.1.10 and earlier Express cart version 1.1.16 Description: A Cross Site Request Forgery CSRF issue allows attackers to add an administrator account, add a discount code, or have other unspecified impacts. This issue...
PT-2021-19788 · Unknown · Express-Cart
Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. Recommendations: For...
PT-2017-4168
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.1.10 Roundcube Webmail versions 1.2.x prior to 1.2.7 Roundcube Webmail versions 1.3.x prior to 1.3.3 Description The issue is related to file-based attachment plugins and allows unauthorized access to...