CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2026-2019 Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability

Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...

PT-2026-20296

Name of the Vulnerable Software and Affected Versions Cart All In One For WooCommerce versions prior to 1.1.22 Description The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, whic...

WordPress plugin Cart All In One For WooCommerce 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

EUVD-2024-0618

Malicious code in bioql PyPI...

CVE-2025-58633

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through = 1.1.21...

CVE-2025-58633

CVE-2025-58633 affects Booking Ultra Pro (WordPress plugin) up to version 1.1.21. It is a Stored XSS vulnerability caused by improper input neutralization during web page generation. Impact is user content/site compromise where attacker-supplied input could be stored and reflected in pages. The i...

CVE-2025-58633 WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Stored XSS.This issue affects Booking Ultra Pro: from n/a through = 1.1.21...

CVE-2025-27143

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

CVE-2025-27143 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

WordPress BookingPress plugin <= 1.1.21 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.21...

WordPress plugin Aramex Shipping WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37722 · WordPress · Aramex Shipping Woocommerce

Name of the Vulnerable Software and Affected Versions: Aramex Shipping WooCommerce plugin for WordPress versions up to, and including, 1.1.21 Description: The issue allows unauthenticated attackers to retrieve the full path of the web application, which can aid other attacks. This is due to the...

Cross site scripting

MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...

CVE-2024-26135 MeshCentral cross-site websocket hijacking (CSWSH) vulnerability

MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...

CVE-2023-27032

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups...

PYSEC-2021-60

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pypi as "tenable-jira-cloud". In tenable-jira-cloud before version 1.1.21, it is possible to run...

ACDSee Free User Mode Write Access Conflict Vulnerability (CNVD-2019-24223)

ACDSee is an image manager, viewer and editor program for Windows, macOS and iOS developed by ACD Systems International.ACDSee Free is the free version of ACDSee. ACDSee Free 1.1.21 suffers from a user mode write access conflict vulnerability starting at...

ACDSee Free User Mode Write Access Conflict Vulnerability (CNVD-2019-24227)

ACDSee is an image manager, viewer and editor program for Windows, macOS and iOS developed by ACD Systems International.ACDSee Free is the free version of ACDSee. ACDSee Free 1.1.21 suffers from a user mode write access conflict vulnerability starting at IDEACDStd!JPEGTransW+0x00000000000024ed. A...