57 matches found
CVE-2026-22356
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...
CVE-2026-22356
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...
CVE-2026-22356
CVE-2026-22356 applies to WordPress Jetpack CRM (zero-bs-crm)
CVE-2026-22356 WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...
CVE-2026-22356
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...
CVE-2026-22356 WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...
PT-2026-21202
Name of the Vulnerable Software and Affected Versions Jetpack CRM versions through 6.7.0 Description A flaw exists in Automattic Jetpack CRM that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software when handling...
WordPress plugin Jetpack CRM 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin Jetpack CRM versions = 6.7.0...
EUVD-2022-43254
Malicious code in bioql PyPI...
EUVD-2022-51838
Malicious code in bioql PyPI...
EUVD-2022-42729
Malicious code in bioql PyPI...
EUVD-2023-31205
Malicious code in bioql PyPI...
CVE-2023-27429
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin = 5.4.4 versions...
CVE-2022-3919
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4497
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...
Deserialization of untrusted data
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...