Filtered by vendor Qodeinteractive
Subscribe
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47840 | 1 Qodeinteractive | 1 Qode Essential Addons | 2026-04-28 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | |||||
| CVE-2025-69034 | 1 Qodeinteractive | 1 Lekker | 2026-04-27 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8. | |||||
| CVE-2025-69032 | 1 Qodeinteractive | 1 Fivestar | 2026-04-27 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7. | |||||
| CVE-2025-69030 | 1 Qodeinteractive | 1 Backpack Traveler | 2026-04-27 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3. | |||||
| CVE-2025-39467 | 1 Qodeinteractive | 1 Wanderland | 2026-04-27 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | |||||
| CVE-2025-39466 | 1 Qodeinteractive | 1 Dor | 2026-04-27 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | |||||
| CVE-2025-67934 | 1 Qodeinteractive | 1 Wellspring | 2026-04-27 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8. | |||||
| CVE-2025-67515 | 1 Qodeinteractive | 1 Wilmer | 2026-04-27 | N/A | 8.8 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5. | |||||
| CVE-2025-66532 | 1 Qodeinteractive | 1 Powerlift | 2026-04-27 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1. | |||||
| CVE-2025-64368 | 1 Qodeinteractive | 1 Bard | 2026-04-27 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6. | |||||
| CVE-2025-49297 | 1 Qodeinteractive | 1 Grill And Chow | 2026-04-23 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. | |||||
| CVE-2025-49296 | 1 Qodeinteractive | 1 Grandprix | 2026-04-23 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. | |||||
| CVE-2025-49295 | 1 Qodeinteractive | 1 Mediclinic | 2026-04-23 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. | |||||
| CVE-2025-39494 | 1 Qodeinteractive | 1 Wilmer | 2026-04-23 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. | |||||
| CVE-2025-39490 | 1 Qodeinteractive | 1 Backpack Traveler | 2026-04-23 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. | |||||
| CVE-2025-39458 | 1 Qodeinteractive | 1 Foton | 2026-04-23 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2. | |||||
| CVE-2024-50457 | 1 Qodeinteractive | 1 Qode Essential Addons | 2026-04-23 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3. | |||||
| CVE-2024-38712 | 1 Qodeinteractive | 1 Qi Blocks | 2026-04-23 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through <= 1.3. | |||||
| CVE-2024-5221 | 1 Qodeinteractive | 1 Qi Blocks | 2026-04-08 | N/A | 6.4 MEDIUM |
| The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3309 | 1 Qodeinteractive | 1 Qi Addons For Elementor | 2026-04-08 | N/A | 6.4 MEDIUM |
| The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||