
269 matches found

Vulnrichment
added 2025/04/30 8:21 a.m. · 3 views

CVE-2025-2890 tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

6.5 CVSS · 7.6 AI score · 0.00173 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/04/30 8:21 a.m. · 20 views

CVE-2025-2890 tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

6.5 CVSS · 0.00173 EPSS
Exploits: 0 · References: 4
CVE
added 2025/04/30 8:21 a.m. · 58 views

CVE-2025-2890

CVE-2025-2890 affects the WordPress plugin “tagDiv Opt-In Builder” (TagDiv Opt-In Builder) and is exploitable via a time-based SQL Injection in the subscriptionCouponId parameter. All versions up to and including 1.7 are affected due to insufficient escaping and improper preparation of the SQL qu...

6.5 CVSS · 6.6 AI score · 0.00173 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/04/30 12:0 a.m. · 1 view

WordPress plugin tagDiv Opt-In Builder SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

6.5 CVSS · 7.2 AI score · 0.00173 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/04/30 12:0 a.m. · 2 views

PT-2025-18243 · WordPress · Tagdiv Opt-In Builder

Name of the Vulnerable Software and Affected Versions: tagDiv Opt-In Builder plugin for WordPress versions up to, and including, 1.7. Description: The issue is related to time-based SQL Injection via the subscriptionCouponId parameter due to insufficient escaping on the user-supplied parameter and...

6.5 CVSS · 7 AI score · 0.00173 EPSS
Exploits: 0 · References: 9
Microsoft KB
added 2025/04/25 12:0 a.m. · 2 views

April 25, 2025—KB5055627 (OS Build 26100.3915) Preview

April 25, 2025—KB5055627 (OS Build 26100.3915) Preview. Change log (Change date | Change description): May 26. 2026 | Updated the second MSU file listed under Catalog in Method 2. August 6, 2025 | Normal rollout: Input and Networking improvements added. August 20, 2025 | Gradual rollout:...

5.8 AI score
Exploits: 0
Malwarebytes
added 2025/04/14 8:45 p.m. · 10 views

Meta slurps up EU user data for AI training

European Facebook users have so far avoided having their public posts used to train parent company Meta's AI model. That's about to change, the company has warned. In a blog post today, it said that EU residents' data was fair game and it would be slurping up public posts for training soon...

6.6 AI score
Exploits: 0
NVD
added 2025/04/09 4:15 p.m. · 9 views

CVE-2025-32378

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9 CVSS · 0.00441 EPSS
Exploits: 0 · References: 1
OSV
added 2025/04/09 3:37 p.m. · 1 view

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9 CVSS · 6.5 AI score · 0.00441 EPSS
Exploits: 0 · References: 3
Cvelist
added 2025/04/09 3:37 p.m. · 8 views

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9 CVSS · 0.00441 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/09 3:37 p.m. · 59 views

CVE-2025-32378

Shopware CVE-2025-32378 affects Shopware open source platforms prior to 6.6.10.3 and 6.5.8.17, where default double-opt-in newsletter settings allow mass sign-ups without confirmation. With Newsletter: Double Opt-in active and related disabled options, anyone can register using any email and opt ...

6.9 CVSS · 6.4 AI score · 0.00441 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/04/09 3:37 p.m. · 9 views

CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse

Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...

6.9 CVSS · 6.8 AI score · 0.00441 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/04/09 1:53 p.m. · 1 view

Insecure Default Initialization of Resource

Overview: shopware/core is a Shopware platform that is the core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newslett...

6.9 CVSS · 7 AI score · 0.00441 EPSS
Exploits: 0 · References: 2
OSV
added 2025/04/09 1:53 p.m. · 2 views

GHSA-4H9W-7VFP-PX8M Shopware default newsletter opt-in settings allow for mass sign-up abuse

Impact: Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active; Newsletter: Double opt-in for registered customers - disabled; Log-in & sign-up: Double opt-in on sign-up - disabled...

6.9 CVSS · 6.9 AI score · 0.00441 EPSS
Exploits: 0 · References: 3
Snyk
added 2025/04/09 1:53 p.m. · 3 views

Insecure Default Initialization of Resource

Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newsletter sign-ups without requiring...

6.9 CVSS · 7 AI score · 0.00441 EPSS
Exploits: 0 · References: 2
Github Security Blog
added 2025/04/09 1:53 p.m. · 7 views

Shopware default newsletter opt-in settings allow for mass sign-up abuse

Impact: Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active; Newsletter: Double opt-in for registered customers - disabled; Log-in & sign-up: Double opt-in on sign-up - disabled...

6.9 CVSS · 6.8 AI score · 0.00441 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
Positive Technologies
added 2025/04/09 12:0 a.m. · 1 view

PT-2025-15708 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The issue concerns the default settings for double-opt-in in Shopware, which allows for mass unsolicited newsletter sign-ups without confirmation...

6.9 CVSS · 6.3 AI score · 0.00441 EPSS
Exploits: 0 · References: 6
Tenable Nessus
added 2025/04/05 12:0 a.m. · 9 views

FreeBSD : firefox -- authentication bypass (f7d80111-116c-11f0-8b2c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f7d80111-116c-11f0-8b2c-b42e991fc52e advisory. [email protected] reports: Under certain circumstances, a user opt-in setting that Focus should...

3.3 CVSS · 6.9 AI score · 0.00018 EPSS
Exploits: 0 · References: 3
AlpineLinux
added 2025/03/04 2:15 p.m. · 3 views

CVE-2025-1941

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed, distinct from CVE-2025-0245. This vulnerability affects Firefox 136...

9.1 CVSS · 6.4 AI score · 0.00066 EPSS
Exploits: 0 · References: 2
OSV
added 2025/03/04 2:15 p.m. · 3 views

CVE-2025-1941

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed, distinct from CVE-2025-0245. This vulnerability affects Firefox 136...

9.1 CVSS · 6.7 AI score
Exploits: 0 · References: 2