23 matches found
CVE-2026-3504
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...
CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permission_callback' = '__return_true', which...
CVE-2025-10731
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...
EUVD-2026-11298
Shopware has user enumeration via distinct error codes on Store API login endpoint...
CVE-2026-1980
CVE-2026-1980 refers to the WPBookit WordPress plugin, affecting versions up to 1.0.8. Root cause: missing authorization on the get_customer_list route, enabling unauthenticated attackers to disclose sensitive customer data (names, emails, phone numbers, dates of birth, gender). Impact: unauthori...
CVE-2026-1431 Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...
Linux Distros Unpatched Vulnerability : CVE-2021-21443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x...
CVE-2024-1294
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...
PT-2024-17810 · WordPress · Sunshine Photo Cart
Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...
PT-2023-29972 · Facebook · Pixel Plus: Events + Capi + Pixel Catalog For Facebook Module
Name of the Vulnerable Software and Affected Versions: Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module version 2.4.9 Description: The issue is related to a lack of permissions control in the module, allowing a guest to download personal information without restriction. This can lead...
SUSE CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
saleor input validation error vulnerability
GitHub saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. saleor suffers from an input validation error vulnerability that stems from a number of GraphQL mutations that do not...
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
UBUNTU-CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
Code injection
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
CVE-2021-21443 Unauthorized listing of the customer user emails
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...
OTRS information disclosure vulnerability
OTRS is a service management application from the German company OTRS. An information disclosure vulnerability exists in OTRS AG OTRS Community Edition, which stems from an agent being able to list customer user emails in a bulk action screen without requiring privileges...