Lucene search
K
CvelistRecent

366246 matches found

Cvelist
Cvelist
added 2026/06/17 12:47 p.m.34 views

CVE-2026-49108 WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Moderno 1.43 versions...

9.8CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.21 views

CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.32 views

CVE-2026-40756 WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya = 1.4 versions...

8.1CVSS0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.32 views

CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon = 1.4.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.20 views

CVE-2026-40733 WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.20 views

CVE-2026-40720 WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Royal Elementor Addons Pro 1.7.1041 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.27 views

CVE-2026-39590 WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Atomlab = 2.4.5 versions...

8.1CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.22 views

CVE-2026-39560 WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2026-39576 WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.28 views

CVE-2026-39559 WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.17 views

CVE-2026-39556 WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Konsept = 1.9 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.27 views

CVE-2026-39523 WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene Core = 2.3.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2026-39445 WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.18 views

CVE-2026-39442 WordPress PressMart theme <= 1.2.26 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in PressMart = 1.2.26 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.29 views

CVE-2025-69175 WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.29 views

CVE-2025-69174 WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Etude = 1.6 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.22 views

CVE-2025-69170 WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.20 views

CVE-2025-69166 WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.29 views

CVE-2025-69164 WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.19 views

CVE-2025-69158 WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.23 views

CVE-2025-69157 WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gamic = 1.15 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.32 views

CVE-2025-69144 WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.29 views

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-69130 WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS0.00482EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.33 views

CVE-2025-69127 WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing = 1.6 versions...

9.8CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.21 views

CVE-2025-69126 WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-69120 WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-69123 WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.29 views

CVE-2025-69106 WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Imba = 1.5.0 versions...

8.1CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.25 views

CVE-2025-69111 WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.21 views

CVE-2025-68524 WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...

7.1CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.21 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

5.3CVSS0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2025-59554 WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

9.3CVSS0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.31 views

CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

7.7CVSS0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:32 p.m.34 views

CVE-2025-59872 HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

4.3CVSS0.00454EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:18 p.m.23 views

CVE-2026-11975 Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

Stored cross-site scripting XSS in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without HTML sanitization and rendered unencoded via @Html.Raw...

6.2CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 12:17 p.m.34 views

CVE-2025-62340 HCL iControl was affected by Inadequate Session Timeout vulnerability

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

3.1CVSS0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:13 p.m.34 views

CVE-2024-37496 WordPress Metro Magazine theme <= 1.3.7 - Broken Access Control on Notice Dismissal vulnerability

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7...

4.3CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:11 p.m.29 views

CVE-2024-37210 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5...

6.5CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:5 p.m.31 views

CVE-2024-35690 WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1...

6.5CVSS0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:3 p.m.29 views

CVE-2024-35648 WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0...

4.3CVSS0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:2 p.m.30 views

CVE-2024-33909 WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1...

5.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:57 a.m.30 views

CVE-2024-32949 WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8...

8.3CVSS0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:53 a.m.28 views

CVE-2024-32729 WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8...

7.5CVSS0.0043EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:50 a.m.30 views

CVE-2026-11858 Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:42 a.m.29 views

CVE-2024-24709 WordPress Shareaholic plugin <= 9.7.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11...

4.3CVSS0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:42 a.m.32 views

CVE-2026-11857 Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...

8.4CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:39 a.m.29 views

CVE-2025-31013 WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6...

7.1CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 11:36 a.m.20 views

CVE-2024-31435 WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.6 - Broken Access Control vulnerability

: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6...

4.3CVSS0.00208EPSS
Exploits0References1
Total number of security vulnerabilities366246