CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection when operating in Restricted Mode, which is enabled for untrusted workspaces. Remediation Upgrade github.com/golang/vscode-go/extension to version 0.52.0-rc.1 or higher. References - GitHub ChangeLog - GitHub...

PT-2025-54176

Name of the Vulnerable Software and Affected Versions 08CMS Novel System versions up to 3.4 Description A security issue exists in 08CMS Novel System related to the processing of the admina/mtpls.inc.php file within the Template Handler component. This manipulation can lead to code injection, and...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the init function in the file src/main/java/com/sohu/cache/web/controller/LoginController.java, which...

work_platform 代码注入漏洞

workplatform is a development framework by zhujunliang personal developer. A code injection vulnerability exists in workplatform, which stems from an error in the component Content Handler that could lead to a cross-site scripting attack...

product-review 代码注入漏洞

product-review is a product review system by sunhailin12315 individual developer. A code injection vulnerability exists in product-review, which stems from the incorrect manipulation of the parameter content in the component Write a Review, which could lead to a cross-site scripting attack...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function index in the file...

PT-2025-53921

Name of the Vulnerable Software and Affected Versions Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress versions up to and including 1.1.13 Description The software contains a PHP Code Injection issue stemming from the use of eval to process user-provided input from the 'Conditional...

WordPress plugin Lucky Wheel for WooCommerce – Spin a Sale 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

08CMS Novel System 代码注入漏洞

08CMS Novel System is a novel system of China Dingdot 08CMS company. A code injection vulnerability exists in 08CMS Novel System 3.4 and earlier versions, which stems from incorrect manipulation of the file admina/mtpls.inc.php in the component Template Handler, which can lead to code injection...

CampCodes Park Ticketing System 代码注入漏洞

CampCodes Park Ticketing System is a park ticketing system from CampCodes Philippines. A code injection vulnerability exists in CampCodes Park Ticketing System version 1.0, which stems from an incorrect manipulation of the parameter Name of the function savepricing in the file adminclass.php, whi...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the functions doMachineList and doPodList in the file...

EUVD-2025-205596

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2...

CVE-2025-15148

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

CVE-2025-68897

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

CVE-2025-68897

The connected Wordfence report documents CVE-2025-68897 as affecting IF AS Shortcode. It is described as an Unauthenticated? No, the entry shows “Authenticated (Contributor+) Remote Code Execution” via the IF AS Shortcode before 1.2, implying code execution when an attacker with Contributor+ righ...

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

CVE-2025-15130

A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function index in the file src/main/java/com/sohu/cache/web/controller/ResourceController.java,...