Filtered by vendor Qodeinteractive
Subscriptions
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67515 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Wilmer, Wilmer, Wordpress | 2026-01-29 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5. | ||||
| CVE-2025-49297 | 1 Qodeinteractive | 1 Grill And Chow | 2026-01-29 | 8.1 High |
| Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through 1.6. | ||||
| CVE-2025-49296 | 1 Qodeinteractive | 1 Grandprix | 2026-01-29 | 8.1 High |
| Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through 1.6. | ||||
| CVE-2025-49295 | 1 Qodeinteractive | 1 Mediclinic | 2026-01-29 | 8.1 High |
| Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through 2.1. | ||||
| CVE-2025-39494 | 1 Qodeinteractive | 1 Wilmer | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a. | ||||
| CVE-2025-39490 | 2 Qodeinteractive, Wordpress | 2 Backpack Traveler, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion. This issue affects Backpack Traveler: from n/a through 2.7. | ||||
| CVE-2025-67937 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Hendon, Hendon, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7. | ||||
| CVE-2025-67936 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Curly, Curly, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3. | ||||
| CVE-2025-67935 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Optimize, Optimize, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4. | ||||
| CVE-2025-69034 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Lekker, Lekker, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8. | ||||
| CVE-2025-69032 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Fivestar, Fivestar, Wordpress | 2026-01-29 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7. | ||||
| CVE-2025-69030 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Backpack Traveler, Backpack Traveler, Wordpress | 2026-01-29 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3. | ||||
| CVE-2025-39467 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Wanderland, Wanderland, Wordpress | 2026-01-29 | 9.8 Critical |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||||
| CVE-2025-39458 | 1 Qodeinteractive | 1 Foton | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2. | ||||
| CVE-2025-67934 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Wellspring, Wellspring, Wordpress | 2026-01-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8. | ||||
| CVE-2024-49690 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qi Blocks.This issue affects Qi Blocks: from n/a through 1.3.2. | ||||
| CVE-2024-50457 | 1 Qodeinteractive | 1 Qode Essential Addons | 2026-01-26 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. | ||||
| CVE-2024-38712 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Qode Interactive Qi Blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through 1.3. | ||||
| CVE-2025-1627 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-09 | 5.4 Medium |
| The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-1626 | 1 Qodeinteractive | 1 Qi Blocks | 2026-01-09 | 5.4 Medium |
| The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||