Lucene search

28 matches found

Snyk
added 2026/04/03 6:31 a.m. · 1 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...

8.2 CVSS · 6 AI score · 0.00048 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/03/26 3:17 p.m. · 1 views

CVE-2026-32398

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15...

5.3 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/03/13 11:42 a.m. · 2 views

CVE-2026-32398 WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15...

6.5 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 1
CVE
added 2026/03/13 11:42 a.m. · 4 views

CVE-2026-32398

CVE-2026-32398: The Red Hat/NVD/CCVE and CVE records identify a race-condition vulnerability in the WordPress TeraWallet – For WooCommerce plugin, affecting versions up to and including 1.5.15. The issue is described as Concurrent Execution using a Shared Resource with Improper Synchronization, i...

6.5 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 1
Cvelist
added 2026/03/13 11:42 a.m. · 26 views

CVE-2026-32398 WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15...

6.5 CVSS · 0.0005 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/01/24 3:18 p.m. · 10 views

CVE-2026-24612

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <= 1.5.15...

5.3 CVSS · 5.4 AI score · 0.00051 EPSS
Exploits 0 · References 1
NVD
added 2026/01/23 3:16 p.m. · 2 views

CVE-2026-24612

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <= 1.5.15...

5.3 CVSS · 0.00051 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/01/23 2:29 p.m. · 3 views

CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <= 1.5.15...

5.3 CVSS · 5.4 AI score · 0.00051 EPSS
Exploits 0 · References 1
CVE
added 2026/01/23 2:29 p.m. · 6 views

CVE-2026-24612

CVE-2026-24612 is a missing Authorization vulnerability in the WordPress plugin/theme Orchid Store (theme version 1.5.15) or apply vendor-provided fixes once available. If no upgrade is feasible, monitor for official patches and advisories from the vendor.

5.3 CVSS · 5.4 AI score · 0.00051 EPSS
Exploits 0 · References 1
CNNVD
added 2026/01/23 12:0 a.m. · 2 views

WordPress plugin Orchid Store has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

5.3 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/01/23 12:0 a.m. · 3 views

PT-2026-4444

Name of the Vulnerable Software and Affected Versions: Orchid Store versions through 1.5.15 Description: An issue exists in Orchid Store related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation due to this access...

5.3 CVSS · 5.3 AI score · 0.00051 EPSS
Exploits 0 · References 4
Patchstack
added 2026/01/12 1:3 p.m. · 4 views

WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Orchid Store versions <= 1.5.15...

5.3 CVSS · 5.3 AI score · 0.00051 EPSS
Exploits 0 · Affected Software 1
RedhatCVE
added 2026/01/09 9:27 a.m. · 4 views

CVE-2023-45831

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions...

8.8 CVSS · 7 AI score · 0.00106 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:37 p.m. · 8 views

CVE-2020-36736

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

4.3 CVSS · 6.4 AI score · 0.00141 EPSS
Exploits 1 · References 1
OSV
added 2023/08/17 9:15 a.m. · 1 views

CVE-2023-28533

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Williams Cab Grid plugin <= 1.5.15 versions...

4.8 CVSS · 6.6 AI score · 0.00073 EPSS
Exploits 0 · References 1
CNNVD
added 2023/08/17 12:0 a.m. · 2 views

WordPress plugin Cab Grid cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS · 6.4 AI score · 0.00073 EPSS
Exploits 0 · References 2
OSV
added 2023/07/01 4:15 a.m. · 2 views

CVE-2020-36736

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

4.3 CVSS · 5.6 AI score
Exploits 0 · References 9
CNNVD
added 2023/07/01 12:0 a.m. · 2 views

WordPress Plugin WooCommerce Checkout & Funnel Builder by CartFlows cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3 CVSS · 5 AI score · 0.00141 EPSS
Exploits 1 · References 10
Positive Technologies
added 2023/07/01 12:0 a.m. · 2 views

PT-2023-11876 · Cartflows · Woocommerce Checkout & Funnel Builder By Cartflows

Name of the Vulnerable Software and Affected Versions: WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress versions up to, and including, 1.5.15 Description: The issue is due to missing or incorrect nonce validation on the export json, import json, and status logs file...

4.3 CVSS · 4.5 AI score · 0.00141 EPSS
Exploits 1 · References 13
Patchstack
added 2023/04/21 12:0 a.m. · 11 views

WordPress Cab Grid Plugin <= 1.5.15 is vulnerable to Cross Site Scripting (XSS)

Software: Cab Grid · Type: Plugin · Vulnerable versions: <= 1.5.15 · Fixed in: 1.6 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-28533 · Patch priority: Low · CVSS severity: Low (5.9) · Developer: Claim ownership · PSID: b5fcc0bdddbf · Credits: Yuki Haruma · Required privilege...

5.9 CVSS · 6 AI score · 0.00073 EPSS
Exploits 0 · References 2 · Affected Software 1