Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects …
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a thr…
Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5.
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager:…
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for Word…
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue a…
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affect…
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <=…
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0…
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways …
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.1…
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.1…
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: fro…