5 matches found
CVE-2026-0702
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-66153
Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through = 1.1.4...
CVE-2025-59046
The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...
PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong
Name of the Vulnerable Software and Affected Versions: LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4 Description: A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the File argument...
CVE-2024-35752
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4...