1034 matches found
PT-2025-43858
Cross-Site Request Forgery CSRF vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through = 0.6...
CVE-2025-49947
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...
WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FanBridge signup versions = 0.6...
CVE-2025-49947
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...
CVE-2025-60211
CVE-2025-60211 concerns an Incorrect Privilege Assignment vulnerability in the WordPress plugin extendons-registration-fields (WooCommerce Registration Fields Plugin - Custom Signup Fields). The issue arises from improper privilege assignment, enabling privilege escalation. Affected are the plugi...
CVE-2025-60211 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through = 3.2.3...
CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...
CVE-2025-49947 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup...
CVE-2025-49947
CVE-2025-49947 relates to the WordPress plugin extendons-registration-fields (WooCommerce Registration Fields Plugin – Custom Signup Fields). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation, applicable to versions u...
CVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
EUVD-2025-35047
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...
E-commerce 安全漏洞
E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce version 1.0 that stems from the signup.inc.php endpoint not cleaning up user input, which could lead to SQL injection attacks and authentication bypass...
CVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...
CVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access...
CVE-2025-61455
CVE-2025-61455 describes a SQL Injection in the E-commerce project (v1.0) signup.inc.php, caused by directly using unsanitized user input in SQL queries. The vulnerability enables unauthenticated authentication bypass and full backend access; the exposed parameter is typically the email field wit...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-62642
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 exposes an unauthenticated account-creation API labeled “Anyone Can Join This Party,” which does not verify user account creation. This allows a remote, unauthenticated attacker to create user accounts. Connected sour...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...