4 matches found
CVE-2026-1988 Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute
The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the flexipsgcarousel shortcode. This is due to the theme parameter being directly concatenated into a file path without proper sanitization ...
WordPress plugin Flexi Product Slider and Grid for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-58796
CVE-2025-58796 is a stored XSS in the WordPress plugin “Elementor Element Condition” (dudaster) affecting versions up to 1.0.5. The issue arises from improper input neutralization during web page generation, enabling script injection via crafted input. Public disclosures in multiple sources (incl...
WordPress Mosaic Generator plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'c' Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Mosaic Generator versions = 1.0.5...