Vendor CVEs
Qodeinteractive
All CVEs
49 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47840 | Cri | 0.66 | 9.9 | 0.01 | Dec 29, 2023 | Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | ||
| CVE-2025-26410 | Cri | 0.64 | 9.8 | 0.01 | Feb 11, 2025 | The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the… | ||
| CVE-2025-67515 | Hig | 0.57 | 8.8 | 0.00 | Dec 9, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5. | ||
| CVE-2025-26411 | Hig | 0.57 | 8.8 | 0.01 | Feb 11, 2025 | An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the… | ||
| CVE-2026-22457 | Hig | 0.53 | 8.1 | 0.01 | Mar 5, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5. | ||
| CVE-2025-67940 | Hig | 0.53 | 8.1 | 0.01 | Jan 22, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through < 3.2.1. | ||
| CVE-2025-67934 | Hig | 0.53 | 8.1 | 0.00 | Jan 8, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8. | ||
| CVE-2025-69034 | Hig | 0.53 | 8.1 | 0.00 | Dec 30, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8. | ||
| CVE-2025-39467 | Hig | 0.53 | 8.1 | 0.01 | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||
| CVE-2025-39466 | Hig | 0.53 | 8.1 | 0.01 | Nov 6, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||
| CVE-2025-49297 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. | ||
| CVE-2025-49296 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. | ||
| CVE-2025-49295 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. | ||
| CVE-2025-39494 | Hig | 0.53 | 8.1 | 0.00 | May 23, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. | ||
| CVE-2025-39490 | Hig | 0.53 | 8.1 | 0.01 | May 23, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. | ||
| CVE-2025-39458 | Hig | 0.53 | 8.1 | 0.01 | May 19, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2. | ||
| CVE-2024-50457 | Hig | 0.49 | 7.5 | 0.01 | Oct 28, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3. | ||
| CVE-2024-49690 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.2. | ||
| CVE-2022-32510 | Hig | 0.46 | 7.1 | 0.00 | May 14, 2024 | An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the… | ||
| CVE-2025-26409 | Med | 0.44 | 6.8 | 0.00 | Feb 11, 2025 | A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This… | ||
| CVE-2024-49311 | Med | 0.42 | 6.5 | 0.00 | Oct 17, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.7. | ||
| CVE-2024-9292 | Med | 0.42 | 6.4 | 0.00 | Oct 8, 2024 | The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated… | ||
| CVE-2024-38712 | Med | 0.42 | 6.5 | 0.00 | Jul 20, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3. | ||
| CVE-2024-4887 | Hig | 0.42 | 7.5 | 0.01 | Jun 7, 2024 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-5221 | Med | 0.42 | 6.4 | 0.00 | Jun 6, 2024 | The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-4364 | Med | 0.42 | 6.4 | 0.00 | Jun 6, 2024 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-3309 | Med | 0.42 | 6.4 | 0.00 | Apr 27, 2024 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-0826 | Med | 0.42 | 6.4 | 0.01 | Apr 9, 2024 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for… | ||
| CVE-2025-26408 | Med | 0.40 | 6.1 | 0.00 | Feb 11, 2025 | The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions… | ||
| CVE-2024-9830 | Med | 0.40 | 6.1 | 0.00 | Nov 19, 2024 | The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts… | ||
| CVE-2017-13138 | Med | 0.40 | 6.1 | 0.01 | Aug 23, 2017 | DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | ||
| CVE-2025-69032 | Med | 0.35 | 5.4 | 0.00 | Dec 30, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7. | ||
| CVE-2025-69030 | Med | 0.35 | 5.4 | 0.00 | Dec 30, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3. | ||
| CVE-2025-64368 | Med | 0.35 | 5.4 | 0.00 | Oct 31, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6. | ||
| CVE-2025-8146 | Med | 0.35 | 6.4 | 0.00 | Aug 2, 2025 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2024-49312 | Med | 0.32 | 4.9 | 0.00 | Oct 17, 2024 | Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7. | ||
| CVE-2026-22458 | Med | 0.28 | 4.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5. | ||
| CVE-2025-63018 | Med | 0.28 | 4.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229. | ||
| CVE-2025-66532 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1. | ||
| CVE-2024-37490 | Med | 0.28 | 4.3 | 0.00 | Jan 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in wproyal Bard bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 2.210. | ||
| CVE-2021-4399 | Med | 0.28 | 4.3 | 0.00 | Jul 1, 2023 | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(),… | ||
| CVE-2025-6252 | 0.00 | — | 0.00 | Jun 28, 2025 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | |||
| CVE-2025-1627 | 0.00 | — | 0.00 | May 19, 2025 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||
| CVE-2025-1626 | 0.00 | — | 0.00 | May 19, 2025 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting… | |||
| CVE-2025-1625 | 0.00 | — | 0.00 | May 19, 2025 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting… | |||
| CVE-2024-13699 | 0.00 | — | 0.00 | Feb 4, 2025 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | |||
| CVE-2024-9530 | 0.00 | — | 0.00 | Oct 23, 2024 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive… | |||
| CVE-2023-47679 | 0.00 | — | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3. | |||
| CVE-2019-20781 | 0.00 | — | 0.00 | Apr 29, 2020 | An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. |
- risk 0.66cvss 9.9epss 0.01
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.
- risk 0.64cvss 9.8epss 0.01
The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the…
- risk 0.57cvss 8.8epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5.
- risk 0.57cvss 8.8epss 0.01
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the…
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5.
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through < 3.2.1.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.
- risk 0.53cvss 8.1epss 0.01
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6.
- risk 0.53cvss 8.1epss 0.00
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1.
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2.
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2.
- risk 0.53cvss 8.1epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2.
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3.
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.2.
- risk 0.46cvss 7.1epss 0.00
An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the…
- risk 0.44cvss 6.8epss 0.00
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.
- risk 0.42cvss 6.4epss 0.00
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3.
- risk 0.42cvss 7.5epss 0.01
The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.4epss 0.00
The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.42cvss 6.4epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.42cvss 6.4epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.42cvss 6.4epss 0.01
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
- risk 0.40cvss 6.1epss 0.00
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions…
- risk 0.40cvss 6.1epss 0.00
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts…
- risk 0.40cvss 6.1epss 0.01
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript.
- risk 0.35cvss 5.4epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
- risk 0.35cvss 5.4epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.
- risk 0.35cvss 6.4epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.32cvss 4.9epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge.This issue affects Edwiser Bridge: from n/a through <= 3.0.7.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wproyal Bard bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 2.210.
- risk 0.28cvss 4.3epss 0.00
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(),…
- CVE-2025-6252Jun 28, 2025risk 0.00cvss —epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- CVE-2025-1627May 19, 2025risk 0.00cvss —epss 0.00
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- CVE-2025-1626May 19, 2025risk 0.00cvss —epss 0.00
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…
- CVE-2025-1625May 19, 2025risk 0.00cvss —epss 0.00
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…
- CVE-2024-13699Feb 4, 2025risk 0.00cvss —epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2024-9530Oct 23, 2024risk 0.00cvss —epss 0.00
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive…
- CVE-2023-47679May 17, 2024risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QODE Interactive Qi Addons For Elementor allows PHP Local File Inclusion.This issue affects Qi Addons For Elementor: from n/a through 1.6.3.
- CVE-2019-20781Apr 29, 2020risk 0.00cvss —epss 0.00
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.