264021 matches found
PT-2026-46359
Unauthenticated Local File Inclusion in Medeus = 1.14 versions...
PT-2026-46357
Unauthenticated Local File Inclusion in Quirky = 1.23 versions...
PT-2026-46363
Unauthenticated Local File Inclusion in Printo = 1.11 versions...
PT-2026-46208
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc ajax save option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set t...
PT-2026-46332
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
PT-2026-46336
Unauthenticated Local File Inclusion in Corbesier = 1.15.0 versions...
PT-2026-46381
Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...
PT-2026-46344
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...
PT-2026-46214
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payload...
PT-2026-46329
Unauthenticated Local File Inclusion in Planty = 1.14.0 versions...
VulnCheck KEV: CVE-2026-5073
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
PT-2026-46369
Unauthenticated Local File Inclusion in Choreo = 1.6 versions...
PT-2026-46343
Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...
PT-2026-46129
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in all versions up to, and including, 4.8.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress plugin eMember 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-46364
Unauthenticated Local File Inclusion in Gita = 1.11 versions...
PT-2026-46338
Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...
PT-2026-46345
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
PT-2026-46375
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
PT-2026-46349
Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...