CVE-2026-3041

A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cro...

PT-2026-21571

Name of the Vulnerable Software and Affected Versions xingfuggz BaykeShop versions up to 1.3.20 Description A security issue exists in xingfuggz BaykeShop, specifically within the Article Sidebar Module. Manipulation of the sidebar.content argument in the file...

WordPress Premmerce plugin <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'premmercewizardactions' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Premmerce versions = 1.3.20...

CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...

CVE-2026-0555 Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmercewizardactions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the state parameter. Thi...

PT-2026-6887

Name of the Vulnerable Software and Affected Versions Premmerce plugin for WordPress versions up to and including 1.3.20 Description The Premmerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the premmerce wizard actions API endpoint. The issue stems from a lack of...

WordPress plugin Premmerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2023-43757

Malicious code in bioql PyPI...

EUVD-2022-6975

Malicious code in bioql PyPI...

CVE-2025-54030

Cross-Site Request Forgery CSRF vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through = 1.3.20...

WordPress plugin WooCommerce Google Sheet Connector 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-50021 WordPress Better Random Redirect plugin <= 1.3.20 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Robert Peake Better Random Redirect better-random-redirect allows Stored XSS.This issue affects Better Random Redirect: from n/a through = 1.3.20...

CVE-2024-25914

Cross-Site Request Forgery CSRF vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20...

CVE-2023-3065

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20...

CVE-2023-3066

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20...

CVE-2023-3064

Anonymous user may get the list of existing users managed by the application, that could ease further attacks see CVE-2023-3065 and 3066This issue affects Mobatime mobile application AMXGT100 through 1.3.20...

CVE-2022-3225

Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20...

CVE-2024-56258 WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.20...

CVE-2024-56258

CVE-2024-56258 affects Magazine Blocks for WordPress (WPBlockArt Magazine Blocks) with a Stored XSS in magazine content: improper neutralization of input during web page generation. Affected versions are Magazine Blocks up to 1.3.20 (as per CVE entry). The vulnerability allows an attacker to trig...

WordPress plugin Magazine Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...