
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2025 — Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5. The FLAP - Business WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5 via deserialization of untrusted input [from the vulnerable parameter? • https://patchstack.com/database/wordpress/theme/flap/vulnerability/wordpress-flap-business-wordpress-theme-1-5-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2025 — The PIMP theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/pimp/vulnerability/wordpress-pimp-creative-multipurpose-1-7-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2025 — The Sweet Dessert theme for WordPress is vulnerable to PHP Object Injection in versions up to 1.1.13 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/sweet-dessert/vulnerability/wordpress-sweet-dessert-1-1-13-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jun 2025 — The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. • https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. • https://wordpress.org/plugins/psw-login-and-registration/#developers • CWE-330: Use of Insufficiently Random Values •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 May 2025 — The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. • https://wordpress.org/plugins/profitori/#developers • CWE-285: Improper Authorization •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 May 2025 — The SUMO Affiliates Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 10.7.0. • https://patchstack.com/database/wordpress/plugin/affs/vulnerability/wordpress-sumo-affiliates-pro-10-7-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — The Course Builder - Online Course WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to 3.6.6 (exclusive) via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/course-builder/vulnerability/wordpress-course-builder-3-6-6-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2025 — The The Fashion - Model Agency One Page Beauty Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. • https://patchstack.com/database/wordpress/theme/nrgfashion/vulnerability/wordpress-the-fashion-model-agency-one-page-beauty-theme-1-4-4-deserialization-of-untrusted-data-vulnerability? • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 May 2025 — The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. • https://github.com/d0n601/CVE-2025-5058 • CWE-434: Unrestricted Upload of File with Dangerous Type •