
CVE-2025-22508 – WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-22508
07 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through 1.1. The FAT Event Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. ... • https://patchstack.com/database/wordpress/plugin/fat-event-lite/vulnerability/wordpress-fat-event-lite-plugin-1-1-unauthenticated-non-arbitrary-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-49222 – WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49222
03 Jan 2025 — Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0. The WPGuppy plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1.0 via deserialization of untrusted input. This makes it possible for ... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVE-2024-56276 – WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56276
03 Jan 2025 — Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by WPForms: from n/a through 1.9.2.2. The WPForms – Easy Form Builder for WordPress – ... • https://patchstack.com/database/wordpress/plugin/wpforms-lite/vulnerability/wordpress-wpforms-lite-plugin-1-9-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-56280 – WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-56280
03 Jan 2025 — Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation. This issue affects WPGuppy: from n/a through 1.1.0. The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This makes it possible for authen... • https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •

CVE-2024-56282 – WordPress WPMozo Addons Lite for Elementor plugin <= 1.1.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-56282
03 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elicus WPMozo Addons Lite for Elementor allows PHP Local File Inclusion. This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.1.0. ... • https://patchstack.com/database/wordpress/plugin/wpmozo-addons-lite-for-elementor/vulnerability/wordpress-wpmozo-addons-lite-for-elementor-plugin-1-1-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-24599 – WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24599
26 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6. The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they ca... • https://patchstack.com/database/wordpress/plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-9-9-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56221 – WordPress WPMozo Addons Lite for Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56221
19 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor allows Stored XSS. This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.2.0. The WPMozo Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev... • https://patchstack.com/database/wordpress/plugin/wpmozo-addons-lite-for-elementor/vulnerability/wordpress-wpmozo-addons-lite-for-elementor-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56234 – WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56234
19 Dec 2024 — Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Automobile Lite: from n/a through 2.1. The VW Automobile Lite theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/theme/vw-automobile-lite/vulnerability/wordpress-vw-automobile-lite-theme-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-56235 – WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56235
19 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS. This issue affects Coupon: from n/a through 1.2.1. The Coupon plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that w... • https://patchstack.com/database/wordpress/plugin/coupon-lite/vulnerability/wordpress-coupon-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-56063 – WordPress Essential Addons for Elementor plugin <= 6.0.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-56063
18 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.7. The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve... • https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-plugin-6-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •