3425 matches found
CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705 WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705 WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through = 1.4.4...
CVE-2026-39705
CVE-2026-39705 concerns the WordPress plugin MIPL WC Multisite Sync by Mulika Team, vulnerable through a missing/incorrect authorization mechanism. The issue affects versions through 1.4.4 and is categorized as Broken Access Control due to improperly configured access control security levels. Pub...
CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838 Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838 Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowholesuccessmsg’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2026-2838
CVE-2026-2838 affects The Whole Enquiry Cart for WooCommerce plugin (WordPress). The issue is a Stored Cross-Site Scripting vulnerability in the parameter ‘woowhole_success_msg’ present in all versions up to and including 1.2.1, caused by insufficient input sanitization and output escaping. Explo...
PT-2026-31091
Name of the Vulnerable Software and Affected Versions The Whole Enquiry Cart for WooCommerce plugin for WordPress versions up to and including 1.2.1 Description The Whole Enquiry Cart for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the woowhole success m...
PT-2026-31267
Name of the Vulnerable Software and Affected Versions MIPL WC Multisite Sync versions through 1.4.4 Description A missing authorization issue exists in Mulika Team MIPL WC Multisite Sync, allowing exploitation of incorrectly configured access control security levels. Recommendations Update MIPL W...
WordPress plugin MIPL WC Multisite Sync 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
BIT-DISCOURSE-2026-33073 discourse-subscriptions plugin leaking stripe API key in multisite environment
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential for stripe related information to be leaked across...
CVE-2026-33073
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-33073
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-33073 discourse-subscriptions plugin leaking stripe API key in multisite environment
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-33073
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
EUVD-2026-17567
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-33073 discourse-subscriptions plugin leaking stripe API key in multisite environment
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-33073 discourse-subscriptions plugin leaking stripe API key in multisite environment
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...