Lucene search
K

7 matches found

Patchstack
Patchstack
added 2026/06/23 1:58 p.m.5 views

WordPress Themify Portfolio Post plugin <= 1.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Portfolio Post versions = 1.2.9...

8.8CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/19 12:8 a.m.9 views

WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability

Authenticated Author+ Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions = 1.2.9...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/09 10:29 p.m.5 views

CVE-2026-25895 FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched ...

9.5CVSS5.8AI score0.02675EPSS
Exploits3References5
OSV
OSV
added 2026/02/05 12:27 a.m.5 views

GHSA-VWCG-C828-9822 FUXA Unauthenticated Remote Code Execution via Admin JWT Minting

Note GitHub incorrectly stated this vulnerability is identical to CVE-2025-69970, which describes the fact that authentication is disabled by default. This advisory describes an exploit chain that enables authentication bypass via the heartbeat refresh endpoint when authentication is enabled. Thi...

10CVSS6.3AI score0.00677EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/31 11:55 a.m.8 views

WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Responsive Block Control versions = 1.3.0...

6.5CVSS5.8AI score0.00173EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/06 1:44 p.m.4 views

WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin AI for SEO versions = 1.2.9...

4.3CVSS7AI score0.00283EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.5 views

PT-2024-18853 · WordPress · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's infobox and button widget due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.00343EPSS
Exploits0References7
Rows per page
Query Builder