15 matches found
CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...
CVE-2026-10514
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10514 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting
A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...
CVE-2026-27045
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through = 1.6.2...
CVE-2025-69372
Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through = 1.6.2...
CVE-2025-69372 WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through = 1.6.2...
WordPress EmailKit plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin EmailKit versions = 1.6.2...
CVE-2025-67516
CVE-2025-67516 concerns the Store Locator WordPress plugin (Store Locator WordPress, agile-store-locator) with versions up to 1.6.2. The underlying issue is an SQL Injection vulnerability caused by improper neutralization of input used in SQL commands, described as a Blind SQL Injection in public...
CVE-2025-67516 WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through = 1.6.2...
CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery SSRF vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2...
CVE-2025-53461 WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery SSRF vulnerability in Binsaifullah Beaf image-compare-block allows Server Side Request Forgery.This issue affects Beaf: from n/a through = 1.6.2...
CVE-2025-53461
CVE-2025-53461 is a Server-Side Request Forgery (SSRF) vulnerability in Beaf (Beaf – Photo Comparison Block) affecting Beaf versions up to 1.6.2. The Beaf entry (Beaf
CVE-2025-27362
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion.This issue affects Petito: from n/a through 1.6.6...
CVE-2025-26581 WordPress Picture Gallery plugin <= 1.6.3 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in videowhisper Picture Gallery picture-gallery allows Reflected XSS.This issue affects Picture Gallery: from n/a through = 1.6.3...
CVE-2021-42358
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...