CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In Charity Zone versions <= 1.1.1, there is a vulnerability that allows subscribers to upload arbitrary files.
In Kids Gift Shop versions <= 0.5.4, there is a vulnerability allowing arbitrary file uploads by subscribers.
In Ecommerce Zone versions <= 0.9.7, there is a vulnerability that allows subscribers to upload arbitrary files.
In Restaurant Zone versions <= 0.7.8, there is a vulnerability allowing arbitrary file uploads by subscribers.
There is an unauthenticated PHP Object Injection vulnerability in WooCommerce Product Filters versions below 2.0.6.
There is an unauthenticated SQL injection vulnerability in Blocksy Companion Pro versions below 2.1.29.
In Webenvo versions <= 0.0.6, there is a vulnerability that allows subscribers to upload arbitrary files.
There is an unauthenticated PHP Object Injection vulnerability in Elementra versions <= 1.0.9.
Unauthenticated SQL Injection exists in ListingPro versions <= 2.9.10.
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects versions before 3.4.2.
Missing authorization check in DataSource API leads to arbitrary data source metadata disclosure in Apache DolphinScheduler.
Nifty versions up to 1.4.1 are vulnerable to unauthenticated PHP object injection.
In Support Board versions below 3.8.9, there is a vulnerability that allows unauthenticated privilege escalation.
The Elementor (Premium) plugin versions up to 2.0.6 contain a vulnerability that allows unauthorized file uploads by users with appropriate permissions.
The ACPT (Pro) - Custom Post Types Plugin for WordPress has a vulnerability due to improper control of code generation, allowing for remote code injection.
In WishList Member X versions up to 3.29.0, there is a vulnerability that allows subscribers to upload arbitrary files.
Versions of MetForm Pro <= 3.9.1 have an unauthenticated broken access control vulnerability that may allow attackers to access resources they should not have access to.
There is an unauthenticated SQL injection vulnerability in WPJobster versions up to 6.3.5.
There is an unauthenticated SQL injection vulnerability in Tutor LMS Pro versions up to 3.9.6.
In Restaurt versions <= 1.0.4, there is a vulnerability that allows subscribers to upload arbitrary files.

