Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XS…
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.
Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: fr…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects …
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1…
Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= …
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.
Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.
Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4.
Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kidd…