5 matches found
CVE-2026-14782
The CVE-2026-14782 entry concerns the Booking for Appointments and Events Calendar – Amelia plugin for WordPress. A SQL Injection exists via the Customer Import feature in all versions up to and including 2.4.3, due to insufficient escaping of the user-supplied parameter and inadequate preparatio...
CVE-2026-59236
Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...
EUVD-2026-44622
Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...
WordPress plugin Import and export users and customers security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Import...
Magento Open Source Security Advisory: Patch SUPEE-10975
Magento Commerce 1.14.4.0 and Open Source 1.9.4.0 have been enhanced with critical security updates to address multiple vulnerabilities, including remote code execution RCE, cross-site scripting XSS, cross-site request forgery CSRF, and more. The following issues have been identified and...