EUVD-2026-22091

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution RCE. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Por...

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

CVE-2026-22566

CVE-2026-22566 describes an improper access control vulnerability in UniFi Play components. Affected: UniFi Play PowerAmp (<= 1.0.35) and UniFi Play Audio Port (

CVE-2026-22566

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

CVE-2025-10570

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...

CVE-2025-10570

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...

CVE-2025-10570

CVE-2025-10570 affects the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

CVE-2025-10570 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...

WordPress plugin Flexible Refund and Return Order for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-39572

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Stored XSS.This issue affects Checkout for PayPal: from n/a through = 1.0.38...

WordPress plugin Checkout for PayPal 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...