149 matches found
WordPress plugin Customer Reviews Collector for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-48234
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-12663
The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter in the 'jebaforkit' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-11859
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...
EUVD-2025-60931
The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter in the 'jebaforkit' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12663
The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter in the 'jebaforkit' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12663 Jeba Cute forkit <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter in the 'jebaforkit' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12663
CVE-2025-12663 (Jeba Cute forkit WordPress plugin) is a Stored Cross-Site Scripting vulnerability in the jeba_forkit shortcode. The issue stems from insufficient input sanitization and output escaping of the text attribute, affecting all versions up to 1.0. Exploitation requires authenticated acc...
CVE-2025-11859 Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...
CVE-2025-11859 Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' and 'text' parameters. This makes it possibl...
WordPress plugin Jeba Cute forkit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-46288
Name of the Vulnerable Software and Affected Versions Jeba Cute forkit plugin for WordPress versions prior to 1.1 Description The Jeba Cute forkit plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping of...
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function getmaterialrequestsbasedonsupplier at erpnext/stock/doctype/materialrequest/materialrequest.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the txt parameter of the getrfqcontainingsupplier function against externally entered SQL statements. An attacker can...
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function getmaterialrequestsbasedonsupplier at erpnext/stock/doctype/materialrequest/materialrequest.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...
PT-2025-40243
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get material requests based on supplier function located at erpnext/stock/doctype/material request/material request.py is susceptible to SQL Injection. An attacker can inject a SQL query into the...
CVE-2025-52042
CVE-2025-52042 affects Frappe ERPNext 15.57.5. The vulnerable component is the function get_rfq_containing_supplier() in erpnext/buying/doctype/request_for_quotation/request_for_quotation.py, due to lack of validation of the txt parameter against externally entered SQL, enabling SQL Injection to ...
PT-2025-40246
Name of the Vulnerable Software and Affected Versions Frappe ERPNext version 15.57.5 Description The get rfq containing supplier function located at erpnext/buying/doctype/request for quotation/request for quotation.py is susceptible to SQL Injection. An attacker can inject a SQL query through th...