10 matches found

ATTACKERKB
added 2026/05/15 7:46 a.m. · 8 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

9.8 CVSS · 5.8 AI score · 0.0073 EPSS
Exploits 1 · References 11
Positive Technologies
added 2026/03/06 12:0 a.m. · 6 views

PT-2026-23727

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3 CVSS · 5.8 AI score · 0.00232 EPSS
Exploits 1 · References 3
CVE
added 2026/03/05 5:54 a.m. · 13 views

CVE-2026-28077

CVE-2026-28077 is a Local File Inclusion vulnerability in the WordPress ThemeREX Vapester theme (Vapester) affecting versions up to 1.1.10. The issue is described as Improper Control of Filename for Include/Require Statement in PHP, i.e., a PHP Remote File Inclusion capability that effectively ...

8.1 CVSS · 5.9 AI score · 0.00415 EPSS
Exploits 0 · References 1
Patchstack
added 2026/02/27 7:51 a.m. · 8 views

WordPress Ozisti theme <= 1.1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Ozisti versions <= 1.1.10...

8.1 CVSS · 5.9 AI score · 0.00403 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2025/12/18 12:0 a.m. · 2 views

WordPress plugin Palladio security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

8.1 CVSS · 6.6 AI score · 0.00415 EPSS
Exploits 0 · References 1
Cvelist
added 2025/11/06 3:54 p.m. · 8 views

CVE-2025-60191 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion. This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...

7.5 CVSS · 0.0037 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/08/28 12:0 a.m. · 3 views

PT-2024-29445 · Emi · Emi

Name of the Vulnerable Software and Affected Versions: EMI versions 1.1.10 and before Description: The issue is related to an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Specifically, it is a failure to validate slot index and decrement stack count in the E...

5.3 CVSS · 7.2 AI score · 0.00266 EPSS
Exploits 0 · References 9
Positive Technologies
added 2021/08/12 12:0 a.m. · 6 views

PT-2021-10761 · Npm · Express-Cart

Name of the Vulnerable Software and Affected Versions: Express cart versions 1.1.10 and earlier Express cart version 1.1.16 Description: A Cross Site Request Forgery CSRF issue allows attackers to add an administrator account, add a discount code, or have other unspecified impacts. This issue...

8.8 CVSS · 8.8 AI score · 0.00567 EPSS
Exploits 0 · References 9
Positive Technologies
added 2021/05/11 12:0 a.m. · 3 views

PT-2021-19788 · Unknown · Express-Cart

Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. Recommendations: For...

4.8 CVSS · 5.8 AI score · 0.00527 EPSS
Exploits 1 · References 3
Positive Technologies
added 2017/09/11 12:0 a.m. · 5 views

PT-2017-4168

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.1.10 Roundcube Webmail versions 1.2.x prior to 1.2.7 Roundcube Webmail versions 1.3.x prior to 1.3.3 Description The issue is related to file-based attachment plugins and allows unauthorized access to...

9.8 CVSS · 7 AI score · 0.84456 EPSS
Exploits 10 · References 41