48 matches found
CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...
CVE-2023-4923
The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsdelete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...
CVE-2019-7925
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...
CVE-2025-12720
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...
EUVD-2025-201531
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-12720 g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handleenqueueonly function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-12130
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...
CVE-2025-12130
CVE-2025-12130 concerns the WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors WordPress plugin. Wordfence and NVD indicate a Cross-Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint, al...
CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...
PT-2025-49231
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint...
WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability
Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions <= 2.6.4...
EUVD-2015-4373
Malware in sbrugna...
EUVD-2011-4332
Malware in sbrugna...
EUVD-2019-17690
Malware in sbrugna...
EUVD-2023-54759
Malicious code in bioql PyPI...
EUVD-2022-53269
Malicious code in bioql PyPI...
EUVD-2023-54760
Malicious code in bioql PyPI...
EUVD-2022-2993
Malicious code in bioql PyPI...
EUVD-2023-54762
Malicious code in bioql PyPI...
Improper Access Control
unopim/unopim is vulnerable to Improper Access Control. The vulnerability is due to insufficient privilege enforcement on the mass-delete endpoint, which allows an attacker without "Delete" permissions to bypass restrictions and delete products...