428 matches found
CVE-2025-14365 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce...
PT-2025-51066
The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...
WordPress plugin Contact Form by BestWebSoft security vulnerability
...
GHSA-662M-56V4-3R8F Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
Summary: A Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak...
WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Form versions <= 2.7.8...
WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability
WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
WordPress Gutenverse Form plugin missing authorization vulnerability
WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...
CVE-2025-13384
The WordPress plugin CP Contact Form with PayPal (
WordPress plugin Gutenverse Form security vulnerability
WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...
CVE-2015-10147
CVE-2015-10147 summary (NORMAL) The Easy Testimonial Slider and Form WordPress plugin is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.2 due to insufficient escaping and improper query preparation. This allows authenticated attackers with Administrator-l...
WordPress Easy Testimonial Slider and Form plugin <= 1.0.2 - Authenticated (Admin+) SQL injection vulnerability
Authenticated (Admin+) SQL injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Easy Testimonial Slider and Form versions <= 1.0.2...
WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...
EUVD-2015-1980
Malware in sbrugna...
EUVD-2019-3261
Malware in sbrugna...
EUVD-2021-11137
Malware in sbrugna...
EUVD-2013-1031
Malware in sbrugna...
EUVD-2015-9135
Malware in sbrugna...
EUVD-2016-1863
Malware in sbrugna...
EUVD-2017-9726
Malware in sbrugna...