42 matches found
PT-2026-1579
Name of the Vulnerable Software and Affected Versions: Premmerce WooCommerce Customers Manager plugin for WordPress versions through 1.1.14 Description: The Premmerce WooCommerce Customers Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input...
PT-2025-53888
Name of the Vulnerable Software and Affected Versions: Atte Moisio AM Events versions through 1.13.1 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can ...
PT-2025-53795
Name of the Vulnerable Software and Affected Versions: Crocoblock JetBlog versions through 2.4.7 Description: An authorization issue exists in Crocoblock JetBlog, allowing exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. Recommendations...
PT-2025-53284
Name of the Vulnerable Software and Affected Versions: Bit Assist versions through 1.5.11 Description: An authorization issue exists in Bit Apps Bit Assist. The problem involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update B...
PT-2025-44618
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.6 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on...
PT-2025-43267
Name of the Vulnerable Software and Affected Versions: Simple User Registration versions prior to and including 6.4 Description: A privilege assignment issue exists in N-Media Simple User Registration. This allows for privilege escalation. Recommendations: Update Simple User Registration to a versio...
PT-2025-33160 · Unknown · Idonatepro
Name of the Vulnerable Software and Affected Versions: IDonatePro versions through 2.1.9 Description: IDonatePro is susceptible to a PHP Local File Inclusion due to improper control of filename for include/require statements. This allows for the inclusion of local files. Recommendations: Update...
PT-2025-33228 · WordPress · Yith Woocommerce Popup
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Popup versions through 1.48.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in YITH WooCommerce Popup, potentially allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...
PT-2025-32906 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 11.0.2 and earlier Description: Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read issue that may lead to the disclosure of sensitive memory. Exploitation of this issue...
PT-2025-32761 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Illustrator versions 28.7.8 and earlier; Illustrator version 29.6.1 and earlier Description: Illustrator is susceptible to an out-of-bounds write issue, potentially leading to arbitrary code execution with the privileges of the current user...
PT-2024-33257 · Rakuten · Rakuten Turbo 5G
Name of the Vulnerable Software and Affected Versions: Rakuten Turbo 5G firmware versions V1.3.18 and earlier Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This could allow a remote authenticated...
PT-2024-34855 · Unknown · Narnoo Commerce Manager
Name of the Vulnerable Software and Affected Versions: Narnoo Commerce Manager versions 1.6.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For...
PT-2024-34831 · Elementor · Accordion Title For Elementor
Name of the Vulnerable Software and Affected Versions: Accordion title for Elementor versions 1.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker c...
PT-2024-32698 · Wedevs · Wedevs Wp Erp
Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.13.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For...
PT-2024-30781 · Jegstudio · Jegstudio Gutenverse
Name of the Vulnerable Software and Affected Versions: Jegstudio Gutenverse versions 1.9.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can...
PT-2024-30319 · Unknown · Antoine Hurkmans Football Pool
Name of the Vulnerable Software and Affected Versions: Antoine Hurkmans Football Pool versions n/a through 2.11.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacke...
PT-2024-37860 · WordPress · Vform
Name of the Vulnerable Software and Affected Versions: VForm plugin for WordPress versions up to, and including, 2.1.5 Description: The VForm plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. This allows...
PT-2024-27575 · Wpzoom · Wpzoom Beaver Builder Addons
Name of the Vulnerable Software and Affected Versions: WPZOOM Beaver Builder Addons versions 1.3.5 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal, which can potentially...
PT-2024-27376 · WordPress · Wp Scraper
Name of the Vulnerable Software and Affected Versions: WP Scraper versions 5.7 and earlier Description: A Server-Side Request Forgery (SSRF) issue has been identified. This issue allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources...
PT-2024-14099 · Brainstorm Force · Projecthuddle Client Site
Name of the Vulnerable Software and Affected Versions: ProjectHuddle Client Site versions 1.0.34 and earlier Description: The issue is related to a Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. Recommendations: For versions 1.0.34 and earlier, update to a...