ByteOS Network

WebGeniusLab

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

4Vulnerabilities found

CVE-2026-32439

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.3||MEDIUM

EPSS-0.04% / 13.11%

7 Day CHG~0.00%

Published-13 Mar, 2026 | 11:42

Updated-29 Apr, 2026 | 09:51

WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14.

Vendor-WebGeniusLab

Product-BigHearts

CWE ID-CWE-862

Missing Authorization

CVE-2025-69046

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.1||HIGH

EPSS-0.21% / 42.67%

7 Day CHG~0.00%

Published-22 Jan, 2026 | 16:52

Updated-28 Apr, 2026 | 20:35

WordPress iRecco Core plugin <= 1.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through <= 1.3.6.

Vendor-WebGeniusLab

Product-iRecco Core

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2025-49886

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.1||HIGH

EPSS-0.50% / 66.62%

7 Day CHG~0.00%

Published-27 Jun, 2025 | 11:52

Updated-28 Apr, 2026 | 16:13

WordPress Zikzag Core plugin <= 1.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core zikzag-core allows PHP Local File Inclusion.This issue affects Zikzag Core: from n/a through <= 1.4.5.

Vendor-WebGeniusLab

Product-Zikzag Core

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2025-39473

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.1||HIGH

EPSS-0.26% / 49.42%

7 Day CHG~0.00%

Published-09 Jun, 2025 | 15:54

Updated-28 Apr, 2026 | 16:12

WordPress Seofy Core plugin <= 1.6.8 - Local File Inclusion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion.This issue affects Seofy Core: from n/a through <= 1.6.8.

Vendor-WebGeniusLab

Product-Seofy Core

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')