65 matches found
CVE-2026-4798
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-4798 Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-4798
The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
EUVD-2026-22822
The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusiongetpostcustomfield function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...
CVE-2026-1509
The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...
WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution vulnerability
Authenticated Subscriber+ Limited Arbitrary WordPress Action Execution vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.1...
CVE-2026-1509
The CVE concerns the Avada (Fusion) Builder plugin for WordPress, affected in all versions up to 3.15.1. The root cause is the output_action_hook() function accepting user-controlled input to trigger any registered WordPress action hook without proper authorization checks, allowing authenticated ...
CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution
The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...
CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...
CVE-2026-1128 WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack...
WordPress plugin WP eCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions = 3.15.1...
CVE-2026-1235
The vulnerability CVE-2026-1235 affects the WP eCommerce WordPress plugin (up to version 3.15.1). It arises from unserializing user input via ajax actions, enabling PHP Object Injection when a suitable gadget is present on the blog. Impact is unauthenticated access to trigger the issue; exploitat...
CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WordPress plugin WP eCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-7487
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview bthome-ble is a BThome BLE support Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' due to insufficient enforcement of encryption requirements in the parsebthomev1 and parsebthomev2 functions in...
EUVD-2021-19495
Malware in sbrugna...
EUVD-2024-42351
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-4508
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/x86/kernel/entry32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allo...