
39 matches found

RedhatCVE
added 2025/12/17 10:2 a.m. | 2 views

CVE-2025-64638

Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47...

CVSS 5.3 | AI score 7 | EPSS 0.00038
Exploits: 0 | References: 1

EUVD
added 2025/12/16 9:31 a.m. | 1 views

EUVD-2025-203591

Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47...

CVSS 5.3 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 2

NVD
added 2025/12/16 9:15 a.m. | 0 views

CVE-2025-64638

Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

CVE
added 2025/12/16 8:12 a.m. | 2 views

CVE-2025-64638

CVE-2025-64638 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin OnPay.io for WooCommerce (versions up to and including 1.0.47). The root cause is "Incorrectly Configured Access Control Security Levels" (lacking proper authorization). Impact details are not ...

CVSS 5.3 | AI score 6.6 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2025/12/16 8:12 a.m. | 25 views

CVE-2025-64638 WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/16 12:0 a.m. | 1 views

PT-2025-51407

Name of the Vulnerable Software and Affected Versions: OnPay.io for WooCommerce versions through 1.0.47. Description: The software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is present in OnPay.io for...

CVSS 5.3 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 3

Patchstack
added 2025/11/29 9:36 a.m. | 2 views

WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin OnPay.io for WooCommerce versions <= 1.0.47...

CVSS 5.3 | AI score 7 | EPSS 0.00038
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-6672

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00332
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 7:12 a.m. | 7 views

CVE-2017-15212

In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user...

CVSS 4.3 | AI score 6.7 | EPSS 0.00332
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:40 a.m. | 1 views

CVE-2017-15203

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user...

CVSS 4.3 | AI score 4.8 | EPSS 0.00543
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:33 a.m. | 3 views

CVE-2017-15198

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user...

CVSS 4.3 | AI score 4.8 | EPSS 0.0074
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:38 a.m. | 5 views

CVE-2017-15205

In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user...

CVSS 4.3 | AI score 6.7 | EPSS 0.00294
Exploits: 0 | References: 1

ATTACKERKB
added 2024/06/04 7:15 a.m. | 1 views

CVE-2024-5485

The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user...

CVSS 6.4 | AI score 6.1 | EPSS 0.0038
Exploits: 0 | References: 4

WPVulnDB
added 2024/06/03 12:0 a.m. | 17 views

SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! < 1.0.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trigger Link Shortcode

Description: The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 5.8 | EPSS 0.0038
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2023/02/15 5:34 a.m. | 1 views

SUSE CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file...

CVSS 6.8 | AI score 8.3 | EPSS 0.14176
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 5:34 a.m. | 0 views

SUSE CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file...

CVSS 4.4 | AI score 7 | EPSS 0.00303
Exploits: 1 | References: 3

OSV
added 2022/03/21 7:15 p.m. | 1 views

CVE-2022-0616

The Amelia WordPress plugin before 1.0.47 does not have a CSRF check in place when deleting customers, which could allow attackers to make a logged-in admin delete arbitrary customers via a CSRF attack...

CVSS 4.3 | AI score 5.9 | EPSS 0.00103
Exploits: 2 | References: 1

CNNVD
added 2022/03/21 12:0 a.m. | 1 views

WordPress plugin Amelia cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability previously exist...

CVSS 6.1 | AI score 6.1 | EPSS 0.0021
Exploits: 2 | References: 2

OSV
added 2021/06/01 2:15 p.m. | 1 views

CVE-2021-24316

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 3

OSV
added 2017/10/11 1:32 a.m. | 19 views

CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...

CVSS 4.3 | AI score 6.7
Exploits: 0 | References: 3