7 matches found
WordPress Themify Portfolio Post plugin <= 1.2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Portfolio Post versions = 1.2.9...
WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions = 1.2.9...
CVE-2026-25895 FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched ...
GHSA-VWCG-C828-9822 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...
WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Responsive Block Control versions = 1.3.0...
WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin AI for SEO versions = 1.2.9...
PT-2024-18853 · WordPress · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's infobox and button widget due to insufficient input sanitization and output...