65 matches found

OSV
added 2026/02/05 5:16 p.m., 3 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

CVSS 6.1, AI score 6.1
Exploits 0, References 2

CNNVD
added 2026/02/05 12:00 a.m., 3 views

Microweber Security Vulnerability

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the admin/order/abandoned endpoint having...

CVSS 6.1, AI score 5.7, EPSS 0.0002
Exploits 1, References 2

Cvelist
added 2026/02/05 12:00 a.m., 20 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

EPSS 0.0002
Exploits 1, References 2

Vulnrichment
added 2026/02/05 12:00 a.m., 2 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

AI score 6.1, EPSS 0.0002
Exploits 1, References 2

ATTACKERKB
added 2026/02/05 12:00 a.m., 4 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

CVSS 6.1, AI score 6.1, EPSS 0.0002
Exploits 1, References 3

RedhatCVE
added 2026/01/13 10:53 p.m., 1 view

CVE-2025-13753

The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.7, EPSS 0.00014
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 0 views

CVE-2025-67932

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core (listeo-core) allows Reflected XSS. This issue affects Listeo Core: from n/a through 2.0.19...

CVSS 7.1, AI score 5.9, EPSS 0.00064
Exploits 0, References 1

CVE
added 2026/01/09 7:22 a.m., 4 views

CVE-2025-13753

CVE-2025-13753 refers to the WP Table Builder – Drag & Drop Table Builder plugin for WordPress. The issue is an incorrect authorization check on save_table(), enabling authenticated users with Subscriber+ privileges to create new wptb-table posts in versions up to and including 2.0.19. The Wordf...

CVSS 4.3, AI score 5.3, EPSS 0.00014
Exploits 0, References 3

Cvelist
added 2026/01/09 7:22 a.m., 23 views

CVE-2025-13753 WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation

The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00014
Exploits 0, References 3

Positive Technologies
added 2026/01/09 12:00 a.m., 3 views

PT-2026-1712

Name of the Vulnerable Software and Affected Versions: WP Table Builder – Drag & Drop Table Builder plugin for WordPress versions up to and including 2.0.19. Description: The WP Table Builder – Drag & Drop Table Builder plugin for WordPress has a flaw where data can be modified without proper...

CVSS 4.3, AI score 6.3, EPSS 0.00014
Exploits 0, References 5

CVE
added 2026/01/08 9:17 a.m., 7 views

CVE-2025-67932

CVE-2025-67932 – Listeo Core (Purethemes) vulnerable to Reflected XSS in Listeo Core: vulnerable <2.0.19. Attack requires user interaction and no privileges. CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; base score 7.1 (HIGH). Patch: Listeo Core version 2.0.19 or newer releases address the i...

CVSS 7.1, AI score 6, EPSS 0.00064
Exploits 0, References 1

Vulnrichment
added 2026/01/08 9:17 a.m., 1 view

CVE-2025-67932 WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core (listeo-core) allows Reflected XSS. This issue affects Listeo Core: from n/a through 2.0.19...

CVSS 7.1, AI score 6, EPSS 0.00064
Exploits 0, References 1

Positive Technologies
added 2026/01/08 12:00 a.m., 2 views

PT-2026-1907

Name of the Vulnerable Software and Affected Versions: purethemes Listeo Core versions prior to 2.0.19. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting (XSS) issue. This allows for the injection of...

CVSS 6.1, AI score 6.3, EPSS 0.00064
Exploits 0, References 4

Patchstack
added 2026/01/06 11:49 a.m., 2 views

WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Listeo Core versions 2.0.19...

CVSS 6.1, AI score 6.1, EPSS 0.00064
Exploits 0, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2006-0071

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00409
Exploits 1, References 5

OSV
added 2025/03/12 12:31 a.m., 2 views

GHSA-HCGH-R5GQ-6QC2 Microweber vulnerable to XSS attack due to insure `group` component in its Settings handler

A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting...

CVSS 5.1, AI score 3.4, EPSS 0.00132
Exploits 1, References 6

NVD
added 2025/03/12 12:15 a.m., 11 views

CVE-2025-2214

A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting...

CVSS 6.1, EPSS 0.00132
Exploits 1, References 4

CVE
added 2025/03/11 11:31 p.m., 57 views

CVE-2025-2214

CVE-2025-2214 affects Microweber 2.0.19. The vulnerability is an XSS in the Settings Handler, triggered by manipulating the group argument in the file path userfiles/modules/settings/group/website_group/index.php. It can be exploited remotely and the public PoC has been disclosed. No fixed versio...

CVSS 6.1, AI score 3.7, EPSS 0.00132
Exploits 1, References 4, Affected Software 1

CNNVD
added 2025/03/11 12:00 a.m., 2 views

Microweber Security Vulnerability

Microweber is an open-source online store management system that provides drag-and-drop functionality. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version 2.0.19, which stems from the incorrect operation of the parameter...

CVSS 6.1, AI score 4.3, EPSS 0.00132
Exploits 1, References 1

OpenVAS
added 2024/10/14 12:00 a.m., 6 views

Fedora: Security Advisory (FEDORA-2024-e36b567b66)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 2