CLEANSTART-2026-IO64893 Security fixes for CVE-2025-14847, CVE-2025-58181, CVE-2025-61727, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289 applied in versions: 8.2.1-r1, 8.2.5-r0

Multiple security vulnerabilities affect the mongodb package. These issues are resolved in later releases. See references for individual vulnerability details...

BIT-PRESTASHOP-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVE-2026-33673

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

CVE-2026-33674

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVE-2026-33674 PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available...

CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

CVE-2026-33673 PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 are vulnerable to stored Cross-Site Scripting stored XSS vulnerabilities in the BO. An attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability,...

GHSA-35PF-37C6-JXJV PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Impact Multiple stored Cross-Site Scripting stored XSS vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches Patched on 8.2.5 and 9.1....

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Impact Multiple stored Cross-Site Scripting stored XSS vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches Patched on 8.2.5 and 9.1....

Improper Use of Validation Framework

Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Improper Use of Validation Framework in the validation framework. An attacker can...

WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...

CVE-2025-67471

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through = 8.2.5...

CVE-2025-67471 WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through = 8.2.5...

WordPress WoodMart plugin <= 8.2.5 - Unauthenticated Post Disclosure vulnerability

Unauthenticated Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.5...

WordPress plugin WP Customer Area 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-26350 · WordPress · Wp Customer Area

Name of the Vulnerable Software and Affected Versions: WP Customer Area versions 8.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Customer Area...

CVE-2023-25985

Cross-Site Request Forgery CSRF vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through 8.2.5...

Pydio Core <= 8.2.5 XSS Vulnerability

Pydio Core is prone to a cross-site scripting XSS vulnerability via the New URL Bookmark feature. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Pydio Core 安全漏洞

Pydio Core is a document sharing and collaboration platform core program from Pydio, Inc. A security vulnerability exists in Pydio Core 8.2.5 and earlier versions, which stems from a cross-site scripting vulnerability in the New URL Bookmark feature...