CVE-2022-41656 WordPress Account Manager for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...

WordPress plugin Account Manager for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

PT-2026-40895

Name of the Vulnerable Software and Affected Versions CC Child Pages versions prior to 2.1.2 Description The CC Child Pages plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Authenticated attackers with Contributor-lev...

CVE-2026-42603

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pullrequesttarget privileged trigger but checks out and executes code directly from the attacker's fork, enabling...

CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

CVE-2026-42560

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. ...

CVE-2026-6449

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVE-2026-6449

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

WordPress plugin Booking for Appointments and Events Calendar – Amelia 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-3595

CVE-2026-3595 affects the Riaxe Product Customizer plugin for WordPress. All versions up to and including 2.1.2 are vulnerable due to an unauthenticated authorization bypass: the plugin registers a REST API route POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission...

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability

Unauthenticated Arbitrary User Deletion via 'userid' Parameter vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

PT-2026-33264

Name of the Vulnerable Software and Affected Versions Riaxe Product Customizer versions prior to 2.1.3 Description An authorization bypass exists due to the registration of a REST API route ''/wp-json/InkXEProductDesignerLite/customer/delete customer'' without a permission callback. This...

PT-2026-33266

Name of the Vulnerable Software and Affected Versions Riaxe Product Customizer versions prior to 2.1.3 Description An issue exists in the Riaxe Product Customizer plugin for WordPress where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive informati...

WordPress plugin Riaxe Product Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Riaxe Product Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

WordPress Alloggio - Hotel Booking theme = 2.1.2 - PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Alloggio - Hotel Booking versions = 2.1.2...

UBUNTU-CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...