WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tripgo versions < 1.5.6...
CVE-2025-64433
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...
CVE-2025-64432
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...
AZL-69805 CVE-2025-64437 affecting package kubevirt for versions less than 1.5.3-2
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
Kubevirt Path Traversal Vulnerability
KubeVirt is an open-source virtual machine manager. A path traversal vulnerability exists in KubeVirt versions prior to 1.5.3 and prior to 1.6.1, which stems from mishandling of symbolic links and a file ownership change issue, and could lead to reading arbitrary files in the...
WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Email marketing for WordPress by GetResponse Official versions <= 1.5.3...
CVE-2025-58862 WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Stored XSS. This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through <= 1.5...
WordPress Smartarget.online Integration plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin Smartarget versions <= 1.5.3...
PT-2025-3849 · Nec · Aterm Wx3600Hp +1
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier; NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier. Description: The issue allows an attacker to execute arbitrary OS commands via the network. This can be done through the...
CVE-2024-22365 affecting package pam for versions less than 1.5.3-2
CVE-2024-22365 affecting package pam for versions less than 1.5.3-2. A patched version of the package is available...
PT-2024-37100 · WordPress · Photo Video Gallery Master
Name of the Vulnerable Software and Affected Versions: Photo Video Gallery Master plugin for WordPress versions up to, and including, 1.5.3 Description: The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input PVGM all photos...
WordPress Borderless plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin Borderless versions <= 1.5.3...
PT-2024-25836 · Unknown · Video Gallery – Api Gallery
Name of the Vulnerable Software and Affected Versions: Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery versions 1.5.3 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects the Video Gallery – Api Gallery, YouTube and Vimeo,...
PT-2023-31371 · Unknown · Structured Content
Name of the Vulnerable Software and Affected Versions: Structured Content JSON-LD versions n/a through 1.5.3 Description: The issue is related to Deserialization of Untrusted Data, which affects the Structured Content JSON-LD plugin. No information is provided about the estimated number of...
WordPress Plugin Blog Filter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Loan Comparison Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14394 · WordPress · Vision Interactive
Name of the Vulnerable Software and Affected Versions: The Vision Interactive For WordPress plugin versions 1.5.3 and earlier Description: The issue allows users, such as contributor+, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to t...
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...
PT-2022-21959 · WordPress · Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions 1.0 through 1.5.3 Description: The issue is related to authorization bypass due to a missing capability check on the bricks save post AJAX action. This allows authenticated attackers with minimal...
PT-2011-1049 · Muscle +2 · Pcsc-Lite +2
Name of the Vulnerable Software and Affected Versions: pcsc-lite versions 1.5.3 through 1.6.6; pcsc-lite versions prior to 1.6.6. Description: The issue affects the pcsc-lite package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. It can be...