235 matches found
SUSE CVE-2026-6402
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...
CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
CVE-2026-39701 WordPress ShopWP plugin <= 5.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
PT-2026-31263
Name of the Vulnerable Software and Affected Versions: Andrew ShopWP versions through 5.2.4. Description: Missing authorization allows exploiting incorrectly configured access control security levels. Recommendations: Update to a version greater than 5.2.4...
EUVD-2026-18971
The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpscdisplayproduct' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-30308
Name of the Vulnerable Software and Affected Versions: The Simple Shopping Cart plugin for WordPress versions up to and including 5.2.4. Description: The Simple Shopping Cart plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wpsc display product' shortcode. Insufficient...
CVE-2026-30964 Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CVE-2026-30964
The connected GHSA entry describes a concrete vulnerability in Webauthn Framework: when allowed_origins is configured, CheckAllowedOrigins reduces URL-like origins to their host, causing mismatched origins (scheme/port) to be treated as the same host. This bypasses the strict origin validation re...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CVE-2022-23314
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do...
WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Ninja Tables versions <= 5.2.4...
PT-2026-1479
Name of the Vulnerable Software and Affected Versions: Ninja Tables versions through 5.2.4. Description: A flaw exists in Ninja Tables that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an attacker to...
WordPress plugin Ninja Tables security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-68561
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows SQL Injection. This issue affects AutomatorWP: from n/a through <= 5.2.4...
CVE-2025-68561 WordPress AutomatorWP plugin <= 5.2.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.4...
EUVD-2025-204793
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.4...
CVE-2025-68561
CVE-2025-68561 concerns the WordPress AutomatorWP plugin (versions up to 5.2.4). The vulnerability stems from improper neutralization of special elements in SQL commands, caused by lack of validation of externally supplied SQL statements, enabling SQL injection. Public sources in connected docume...
WordPress plugin AutomatorWP SQL injection vulnerability
WordPress AutomatorWP plugin is an open source automation plugin designed for WordPress that allows users to connect different WordPress plugins, sites and applications in a code-free way to create automated workflows. WordPress AutomatorWP plugin suffers from a SQL injection vulnerability that...
CVE-2025-1031
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...