1911 results (0.009 seconds)

CVSS: 10.0EPSS: %CPEs: 1EXPL: 0

11 Jun 2025 — The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. ... El complemento Workreap para WordPress, utilizado por el tema Workreap - Freelance Marketplace para WordPress, es vulnerable a la omisión de la autenticación en todas las versiones hasta la 3.3.1 incluida. • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-2-23-may-2025 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

10 Jun 2025 — Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0. • https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

10 Jun 2025 — Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection.This issue affects CozyStay: from n/a before 1.7.1. • https://patchstack.com/database/wordpress/theme/cozystay/vulnerability/wordpress-cozystay-1-7-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

09 Jun 2025 — Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5. • https://patchstack.com/database/wordpress/theme/flap/vulnerability/wordpress-flap-business-wordpress-theme-1-5-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

09 Jun 2025 — Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. • https://patchstack.com/database/wordpress/theme/pimp/vulnerability/wordpress-pimp-creative-multipurpose-1-7-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

09 Jun 2025 — Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1. • https://patchstack.com/database/wordpress/theme/press-grid/vulnerability/wordpress-pressgrid-frontend-publish-reaction-multimedia-theme-1-3-1-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

06 Jun 2025 — Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. • https://patchstack.com/database/wordpress/theme/mr-murphy/vulnerability/wordpress-mr-murphy-1-2-12-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

06 Jun 2025 — Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection.This issue affects Sweet Dessert: from n/a before 1.1.13. • https://patchstack.com/database/wordpress/theme/sweet-dessert/vulnerability/wordpress-sweet-dessert-1-1-13-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

05 Jun 2025 — The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve • CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

05 Jun 2025 — The PayU CommercePro Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.8.5. • https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •