39 matches found
Incorrect Resource Transfer Between Spheres
Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.15 and 1.6.15 contained security vulnerabilities. These vulnerabilities stemmed fr...
CVE-2026-32398
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
CVE-2026-32398
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
CVE-2026-32398 WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
CVE-2026-32398
CVE-2026-32398: The Red Hat/NVD/CCVE and CVE records identify a race-condition vulnerability in the WordPress TeraWallet – For WooCommerce plugin, affecting versions up to and including 1.5.15. The issue is described as Concurrent Execution using a Shared Resource with Improper Synchronization, i...
CVE-2026-32398
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
CVE-2026-32398 WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through = 1.5.15...
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...
CVE-2026-24612
CVE-2026-24612 is a missing Authorization vulnerability in the WordPress plugin/theme Orchid Store (theme version 1.5.15) or apply vendor-provided fixes once available. If no upgrade is feasible, monitor for official patches and advisories from the vendor.
WordPress plugin Orchid Store has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...
PT-2026-4444
Name of the Vulnerable Software and Affected Versions Orchid Store versions through 1.5.15 Description An issue exists in Orchid Store related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation due to this access...
WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Orchid Store versions = 1.5.15...
CVE-2023-45831
Cross-Site Request Forgery CSRF vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin = 1.5.15 versions...
CVE-2020-36736
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...
CVE-2023-45831
Cross-Site Request Forgery CSRF vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin = 1.5.15 versions...
CVE-2023-28533
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in M Williams Cab Grid plugin = 1.5.15 versions...