|
141
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20080
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attac…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20079
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20078
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
6.2 |
MEDIUM
Local
|
-
|
-
|
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.p…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2016-20077
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
7.5 |
HIGH
Network
|
-
|
-
|
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and…
New
|
CWE-22
Path Traversal
|
CVE-2016-20076
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious f…
New
|
CWE-863
Incorrect Authorization
|
CVE-2016-20075
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
4.3 |
MEDIUM
Network
|
-
|
-
|
WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can tric…
New
|
CWE-352
Origin Validation Error
|
CVE-2016-20074
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
8.2 |
HIGH
Network
|
-
|
-
|
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id'…
New
|
CWE-89
SQL Injection
|
CVE-2016-20073
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
8.2 |
HIGH
Network
|
-
|
-
|
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid p…
New
|
CWE-89
SQL Injection
|
CVE-2016-20072
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
8.2 |
HIGH
Network
|
-
|
-
|
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicio…
New
|
CWE-89
SQL Injection
|
CVE-2016-20071
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
