98 matches found
CVE-2026-1902
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-1902
CVE-2026-1902 : The Hammas Calendar plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) flaw via the apix parameter in the short-code hp-calendar-manage-redirect for all versions up to and including 1.5.11 . Exploitation requires an authenticated user with Contributor+ privi...
CVE-2026-1902
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Hammas Calendar 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23812
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-68596
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
EUVD-2025-205239
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
CVE-2025-68596
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
CVE-2025-68596
CVE-2025-68596 is a Missing Authorization issue affecting Bit Assist (Bit Apps) WordPress plugin. Wordfence details show Bit Assist vulnerable up to version 1.5.11; no exact exploit details or remediation provided in the connected sources. Monitoring for vendor advisories and patches is advised.
CVE-2025-68596 WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
PT-2025-53284
Name of the Vulnerable Software and Affected Versions Bit Assist versions through 1.5.11 Description An authorization issue exists in Bit Apps Bit Assist. The problem involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations Update B...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Bit Assist versions = 1.5.11...
CVE-2025-52773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-52773 WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-52773 WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
EUVD-2025-38004
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-52773
CVE-2025-52773 affects the WordPress plugin HieCOR Payment Gateway Plugin (hcv4-payment-gateway)
WordPress plugin HieCOR Payment Gateway Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
PT-2025-45217
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...