| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7. |
| Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. |
| Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8. |
| Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1. |
| Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19. |
| Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1. |
| Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3. |
| Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 3.0.3. |
| Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24. |
| Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through < 3.15.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS.This issue affects OOPSpam Anti-Spam: from n/a through <= 1.2.62. |
