194 matches found
WordPress GEO my WP plugin <= 4.5.5 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin GEO my WordPress versions <= 4.5.5...
WordPress Save as PDF Plugin by PDFCrowd plugin <= 4.5.5 - Reflected Cross-Site Scripting via options vulnerability
Reflected Cross-Site Scripting via options vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Save as PDF versions <= 4.5.5...
CVE-2026-0862
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2026-23963
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...
CVE-2026-23962 Mastodon vulnerable to Denial of Service from a single post (client/server)
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...
CVE-2023-4545
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2023-4851
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
EUVD-2025-202087
Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...
CVE-2025-67559
Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...
CVE-2025-67559
CVE-2025-67559 affects the WordPress plugin “Online Booking & Scheduling Calendar for WordPress by vcita” up to version 4.5.5. The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control levels, allowing unauthorized actions within th...
CVE-2025-67559 WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a...
PT-2025-49888
Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.5.5. Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This allows attackers to potentially perform actions on behalf of an authenticat...
WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita Cross-Site Request Forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. The WordPress plugin Onli...
CVE-2025-12881
CVE-2025-12881 concerns the WordPress plugin Return Refund and Exchange For WooCommerce (versions up to 4.5.5). It suffers an Insecure Direct Object Reference due to missing validation on a user-controlled key in wps_rma_fetch_order_msgs(), enabling authenticated attackers with Subscriber level a...
PT-2025-47690
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wps rma cancel return request' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...
WordPress plugin Return Refund and Exchange For WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions <= 4.5.5...
EUVD-2007-0786
Malware in sbrugna...
EUVD-2006-4838
Malware in sbrugna...
EUVD-2007-4001
Malware in sbrugna...