14 matches found

NVD
added 2026/04/14 7:16 a.m. · 2 views

CVE-2026-2582

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 · EPSS 0.00164 · Exploits 0 · References 3
EUVD
added 2026/04/14 6:43 a.m. · 4 views

EUVD-2026-22223

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 · AI score 6.2 · EPSS 0.00164 · Exploits 0 · References 3
Cvelist
added 2026/04/14 6:43 a.m. · 23 views

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 · EPSS 0.00164 · Exploits 0 · References 3
ATTACKERKB
added 2026/04/14 6:43 a.m. · 4 views

CVE-2026-2582

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 · AI score 6.2 · EPSS 0.00164 · Exploits 0 · References 4
Vulnrichment
added 2026/04/14 6:43 a.m. · 2 views

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 · AI score 6.2 · EPSS 0.00164 · Exploits 0 · References 3
CVE
added 2026/04/14 6:43 a.m. · 8 views

CVE-2026-2582

The vulnerability (CVE-2026-2582) affects the Germanized for WooCommerce WordPress plugin and allows unauthenticated attackers to execute arbitrary shortcodes via the account_holder parameter in any version up to 3.20.5. The root cause is that the plugin performs an action that does not properly ...

CVSS 6.5 · AI score 6.2 · EPSS 0.00164 · Exploits 0 · References 3
Positive Technologies
added 2026/04/14 12:0 a.m. · 3 views

PT-2026-32600

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...

CVSS 6.5 · AI score 6.2 · EPSS 0.00164 · Exploits 0 · References 4
ATTACKERKB
added 2026/02/11 12:18 p.m. · 21 views

CVE-2025-54149

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 7.1 · AI score 5.5 · EPSS 0.00015 · Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/02/11 12:0 a.m. · 4 views

PT-2026-7556

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.4 Description: An out-of-bounds read issue exists in Qsync Central. A remote attacker who has obtained a user account can exploit this issue to access sensitive data. Recommendations: Update to Qsync Central...

CVSS 7.1 · AI score 5.5 · EPSS 0.00022 · Exploits 0 · References 3
OSV
added 2026/01/02 4:16 p.m. · 2 views

CVE-2025-52871

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later...

CVSS 6.5 · AI score 5.8 · Exploits 0 · References 1
Vulnrichment
added 2025/08/25 12:0 a.m. · 2 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

AI score 6.7 · EPSS 0.00085 · Exploits 0 · References 2
RedHat Linux
added 2021/12/13 8:28 a.m. · 1 views

mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively...

CVSS 8.8 · AI score 7.3 · EPSS 0.00286 · Exploits 0 · References 4
OSV
added 2018/08/06 9:29 p.m. · 3 views

CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...

CVSS 5.4 · AI score 5.8 · EPSS 0.00108 · Exploits 5 · References 2
Positive Technologies
added 2018/08/06 12:0 a.m. · 3 views

PT-2018-12770 · Php · Php Template Store Script

Name of the Vulnerable Software and Affected Versions: PHP Template Store Script version 3.0.6 Description: The issue allows for cross-site scripting (XSS) attacks through specific fields in a user's profile, including the Address line 1, Address Line 2, Bank name, or A/C Holder name field...

CVSS 5.4 · AI score 5.2 · EPSS 0.00108 · Exploits 5 · References 3