36544 matches found
CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...
PT-2026-4058
Name of the Vulnerable Software and Affected Versions Vollstart Event Tickets with Ticket Scanner versions through 2.8.3 Description A code injection issue exists in Vollstart Event Tickets with Ticket Scanner. The issue involves improper control of code generation, potentially allowing for code...
WordPress Plugin Event Tickets with Ticket Scanner: Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4027
Name of the Vulnerable Software and Affected Versions Nelio AB Testing versions through 8.1.8 Description A code injection issue exists in Nelio AB Testing. The issue allows for improper control of code generation. Recommendations Update Nelio AB Testing to a version later than 8.1.8...
PT-2026-3964
Name of the Vulnerable Software and Affected Versions xtemos WoodMart versions through 8.3.7 Description The software contains an Improper Neutralization of Script-Related HTML Tags in a Web Page issue, which allows for Code Injection. This is a Basic Cross-Site Scripting XSS condition...
WordPress plugin Woodmart has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Beaver Builder has a code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin DeepDigital has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Nelio AB Testing: Code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin FluentForm has a code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-4239
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...
PT-2026-4118
Name of the Vulnerable Software and Affected Versions FluentForm versions through 6.1.11 Description A code injection issue exists in FluentForm. The issue involves improper control of code generation, potentially allowing for code injection. Recommendations Update FluentForm to a version later...
PT-2026-4197
Improper Control of Generation of Code 'Code Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through = 2.9.4.1...
PT-2026-4314
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...
CVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2021-47778
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47860
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...
EUVD-2026-3611
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote cod...
EUVD-2026-3660
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...