
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Mar 2025 — The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. ... WordPress Newscrunch theme version 1.8.4 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/190148 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 3

03 Mar 2025 — The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. ... WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/190147 • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

03 Mar 2025 — The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. • https://github.com/impress-org/givewp/pull/7679/files • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 • EPSS: 44% • CPEs: 1 • EXPL: 0

28 Feb 2025 — The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. • https://themeforest.net/item/nokri-job-board-wordpress-theme/22677241 • CWE-620: Unverified Password Change

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. • https://themeforest.net/item/setsail-travel-agency-theme/22832625 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. • https://themeforest.net/item/alloggio-hotel-booking-theme/26775539 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Feb 2025 — The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. • https://themeforest.net/item/academist-a-modern-learning-management-system-and-education-theme/22376830 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 18% • CPEs: 1 • EXPL: 0

27 Feb 2025 — The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. ... This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://whmpress.com/docs/change-log • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Feb 2025 — The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. • https://codecanyon.net/item/woocommerce-ultimate-gift-card/19191057 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Feb 2025 — The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. • https://codecanyon.net/item/dhvc-form-wordpress-form-for-visual-composer/8326593 • CWE-266: Incorrect Privilege Assignment