264070 matches found
CVE-2025-58024 WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...
CVE-2025-58024
CVE-2025-58024 affects the WordPress pluginPressapps Accordion FAQ (= 2.2.1) or official patch guidance when available.
CVE-2025-58024 WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...
CVE-2026-5191
The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-53440 WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...
CVE-2025-53440 WordPress Confidant theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4...
CVE-2025-53440
CVE-2025-53440 describes a Local File Inclusion in the WordPress Confidant theme (versions <= 1.4) due to improper control of the filename for include/require in PHP. Affected component: Confidant WordPress theme. Root cause: PHP Local File Inclusion vulnerability enabling access to local file...
CVE-2025-53346 WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...
CVE-2025-53346 WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...
CVE-2025-53346
CVE-2025-53346 : WordPress Thim Core plugin
CVE-2025-53345 WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...
CVE-2025-53345 WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...
CVE-2025-53345
CVE-2025-53345: A Missing Authorization flaw in ThimPress Thim Core (WordPress plugin) allows arbitrary code execution when a malicious vulnerable plugin is installed, affecting Thim Core up to version 2.3.3. CVSS v3.1 metrics indicate Network attack vector, Low attack complexity, Privileges Requ...
CVE-2025-53302
CVE-2025-53302 in WordPress Theme Constructor (<= 1.6.5) is a Missing Authorization / Broken Access Control issue. Publicly disclosed details indicate unauthenticated access to restricted functionality due to ACL constraints, affecting Constructor versions up to 1.6.5. CVSS v3.1 base score is ...
CVE-2025-53302 WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2025-53302 WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-53209
Masteriyo LMS PRO (WordPress)
CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...
CVE-2025-52766 WordPress Printeers Print & Ship plugin <= 1.17.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...