126 matches found
CVE-2026-5254
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated...
CVE-2026-3681
A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to...
CVE-2026-3682
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...
CVE-2026-3682 welovemedia FFmate ffmpeg.go Execute argument injection
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicl...
PT-2026-23890
Name of the Vulnerable Software and Affected Versions welovemedia FFmate versions up to 2.0.15 Description A weakness exists in welovemedia FFmate up to version 2.0.15. This issue affects the fireWebhook function within the /internal/service/webhook/webhook.go file. A manipulation can lead to...
PT-2026-23891
Name of the Vulnerable Software and Affected Versions welovemedia FFmate versions up to 2.0.15 Description A security issue has been identified in welovemedia FFmate. The vulnerability resides in the Execute function within the /internal/service/ffmpeg/ffmpeg.go file and allows for argument...
CVE-2026-28048
CVE-2026-28048 affects the WordPress FlashMart theme (versions <= 2.0.15). The issue is an Improper Control of Filename for Include/Require in PHP, enabling Local File Inclusion via PHP include/require statements. Root cause: unvalidated/unrestricted filenames in include paths. Impact is Local...
CVE-2026-28048 WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affects FlashMart: from n/a through = 2.0.15...
WordPress plugin FlashMart 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FlashMart versions = 2.0.15...
CVE-2025-68000
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through = 2.0.15...
CVE-2025-68024
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through = 2.0.15...
CVE-2025-68000
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through = 2.0.15...
CVE-2025-68024
CVE-2025-68024 applies to Addonify – WooCommerce Wishlist (addonify-wishlist) up to version 2.0.15, with a Missing Authorization flaw that permits unauthenticated settings updates by exploiting incorrectly configured access control. Public context in Red Hat/NVD entries and Patchstack confirms th...
CVE-2025-68024 WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through = 2.0.15...
CVE-2025-68000 WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through = 2.0.15...
PT-2026-21073
Name of the Vulnerable Software and Affected Versions Addonify – WooCommerce Wishlist versions through 2.0.15 Description An authorization issue exists in Addonify – WooCommerce Wishlist addonify-wishlist, allowing exploitation of incorrectly configured access control security levels...
PT-2026-21067
Name of the Vulnerable Software and Affected Versions PickPlugins Testimonial Slider versions through 2.0.15 Description A missing authorization issue exists in PickPlugins Testimonial Slider. The issue involves exploiting incorrectly configured access control security levels within the testimoni...
CVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...