28 matches found
PT-2025-46323
Name of the Vulnerable Software and Affected Versions: Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress versions prior to 1.1.28. Description: The Hydra Booking plugin for WordPress has a flaw where payment verification is absent, allowing unauthenticated users to bypas...
PT-2025-46322
Name of the Vulnerable Software and Affected Versions: Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress versions prior to 1.1.28. Description: The Hydra Booking plugin for WordPress is susceptible to unauthorized booking cancellations. This is caused by the use of...
CVE-2025-49963
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS. This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28...
WordPress plugin Simple Stripe Checkout cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A cross-site scriptin...
PT-2025-43224
Name of the Vulnerable Software and Affected Versions: growniche Simple Stripe Checkout versions through 1.1.28. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows an...
EUVD-2025-9141
Malicious code in bioql PyPI...
WordPress Simple Stripe Checkout plugin <= 1.1.28 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Stripe Checkout versions <= 1.1.28...
CVE-2025-49251 WordPress Fana theme <= 1.1.28 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through <= 1.1.28...
CVE-2025-49251
CVE-2025-49251 is a Local File Inclusion vulnerability in the WordPress theme thembay Fana (versions up to 1.1.28) caused by improper control of include/require filenames in PHP. The issue enables PHP Local File Inclusion via a Local File Include vulnerability. Affected software is the Thembay ...
WordPress Fana theme <= 1.1.28 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Fana versions <= 1.1.28...
WordPress Fana Theme <= 1.1.28 is vulnerable to Local File Inclusion
Software: Fana; Type: Theme; Vulnerable versions: <= 1.1.28; Fixed in: 1.1.29; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-49251; Patch priority: High; CVSS severity: High (8.1); PSID: ee30ced0791e; Credits: Phat RiO - BlueRock; Required privilege...
Amazon Linux AMI : libxslt (ALAS-2025-1968)
The version of libxslt installed on the remote host is prior to 1.1.28-6.16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1968 advisory. xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...
CVE-2025-31910
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection. This issue affects BookingPress: from n/a through <= 1.1.28...
CVE-2025-31910 WordPress BookingPress plugin <= 1.1.28 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection. This issue affects BookingPress: from n/a through <= 1.1.28...
WordPress Bradmax Player Plugin <= 1.1.27 is vulnerable to Cross Site Scripting (XSS)
Software: Bradmax Player; Type: Plugin; Vulnerable versions: <= 1.1.27; Fixed in: 1.1.28; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37957; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5e282b87fc01; Credits: Jean Tirstan T; Required privilege...
WordPress Plugin Button security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2024-25843
In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...
WordPress plugin EmbedSocial cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
openSUSE Security Update : viewvc (openSUSE-2021-123)
This update for viewvc fixes the following issues: - update to 1.1.28 boo1167974, CVE-2020-5283: - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166,...
OPENSUSE-SU-2021:0123-1 Security update for viewvc
This update for viewvc fixes the following issues: - update to 1.1.28 boo1167974, CVE-2020-5283: security fix: escape subdir lastmod file name 211 fix standalone.py first request failure 195 suppress stack traces with option to show 140 distinguish text/binary/image files by icons 166, 175 colori...