29 matches found
CVE-2026-28081
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
EUVD-2026-9738
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
CVE-2026-28081
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
CVE-2026-28081
CVE-2026-28081 is a PHP Local File Inclusion in ThemeREX Windsor (Windsor) versions
CVE-2026-28081
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
CVE-2026-28081 WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
WordPress plugin Windsor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-23358
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through = 2.5.0...
WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Windsor versions = 2.5.0...
WordPress Windsor Strava Athlete Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Windsor Strava Athlete Type Plugin Vulnerable versions = 1.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f40641265386 Credits Rafie Muhammad Patchstack...
WordPress Windsor Strava Club Plugin <= 1.0.14 is vulnerable to Cross Site Scripting (XSS)
Software Windsor Strava Club Type Plugin Vulnerable versions = 1.0.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2effed58e825 Credits Rafie Muhammad Patchstack...
windsorlibrary.org Cross Site Scripting vulnerability OBB-2636176
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
windsor-hills-kissimmee.com Cross Site Scripting vulnerability OBB-2463732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Windsor Strava Athlete plugin <= 1.3.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Windsor Strava Athlete plugin versions = 1.3.6. Solution No patched version available...
WordPress Windsor Strava Club plugin <= 1.0.14 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Windsor Strava Club plugin versions = 1.0.14. Solution No patched version available...
WordPress Windsor Strava Athlete plugin <= 1.3.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Windsor Strava Athlete plugin versions = 1.3.6. Solution No patched version available...
WordPress Windsor Strava Club plugin <= 1.0.14 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Windsor Strava Club plugin versions = 1.0.14. Solution No patched version available...
windsor.de Cross Site Scripting vulnerability OBB-2331143
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
moodle.windsor-forest.ac.uk Cross Site Scripting vulnerability OBB-2279863
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...