CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.5. • https://patchstack.com/database/wordpress/plugin/ova-events-manager/vulnerability/wordpress-ovatheme-events-manager-plugin-1-7-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — The ReFormer – Multichannel Contact Form for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.5. • https://patchstack.com/database/wordpress/plugin/reformer-elementor/vulnerability/wordpress-reformer-for-elementor-1-0-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jun 2025 — The Spare theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.7 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/spare/vulnerability/wordpress-spare-1-7-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jun 2025 — The CozyStay theme for WordPress is vulnerable to PHP Object Injection in versions up to 1.7.1 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/cozystay/vulnerability/wordpress-cozystay-1-7-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jun 2025 — The TinySalt theme for WordPress is vulnerable to PHP Object Injection in versions up to 3.10.0 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/tinysalt/vulnerability/wordpress-tinysalt-3-10-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

06 Jun 2025 — Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1. • https://patchstack.com/database/wordpress/theme/mr-murphy/vulnerability/wordpress-mr-murphy-1-2-12-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2025 — The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. • https://www.wordfence.com/threat-intel/vulnerabilities/id/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve • CWE-862: Missing Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2025 — The PayU CommercePro Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.8.7. • https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 5

04 Jun 2025 — The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://packetstorm.news/files/id/200686 • CWE-862: Missing Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jun 2025 — The PressGrid theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.1 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/press-grid/vulnerability/wordpress-pressgrid-frontend-publish-reaction-multimedia-theme-1-3-1-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •