40 matches found
CVE-2025-12358
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
EUVD-2025-200980
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
CVE-2025-12358
CVE-2025-12358 concerns ShopEngine Elementor WooCommerce Builder Addon for WordPress. Wordfence and related feeds describe a Cross-Site Request Forgery vulnerability in all versions up to 4.8.5, caused by missing nonce validation on the post_add_to_list function and an incorrect permissions callb...
WordPress ShopEngine plugin <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation vulnerability
Cross-Site Request Forgery to Wishlist Manipulation vulnerability discovered by Adrian Lukita in WordPress Plugin ShopEngine versions = 4.8.5...
WordPress plugin ShopEngine Elementor WooCommerce Builder Addon 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request...
PT-2025-48803
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post add to list" function as well as an incorrect permissions callback in the "Api/init...
CVE-2025-11888
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
WordPress plugin ShopEngine Elementor WooCommerce Builder Addon 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
CVE-2025-11888
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
CVE-2025-11888
The CVE-2025-11888 entry concerns the WordPress plugin ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution. Affected versions are
EUVD-2025-35906
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...
WordPress ShopEngine plugin <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update vulnerability
Incorrect Authorization to Authenticated Editor+ License Status Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ShopEngine versions = 4.8.4...
PT-2025-43708
Name of the Vulnerable Software and Affected Versions ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution versions prior to 4.8.5 Description The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress has a flaw that allo...
EUVD-2005-4540
Malware in sbrugna...
EUVD-2022-48268
Malicious code in bioql PyPI...
CVE-2025-10173
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the postsave function in all versions up to, and including, 4.8.3. This makes it possible for authenticated...