CVE-2025-10734

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10679

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that...

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-10734 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated...

CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVE-2025-68498

Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through = 2.2.12...

CVE-2025-68499

CVE-2025-68499 describes a DOM-Based XSS in Crocoblock’s JetTabs WordPress plugin (JetTabs) up to version 2.2.12. The issue arises from improper neutralization of input during web page generation, enabling stored XSS when a user interacts with JetTabs. Affected software: Crocoblock JetTabs (WordP...

CVE-2025-68499 WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through = 2.2.12...

EUVD-2018-19057

Malware in sbrugna...

PT-2025-40851

Name of the Vulnerable Software and Affected Versions Mangati NovoSGA versions up to 2.2.12 Description A weakness exists in Mangati NovoSGA up to version 2.2.12 related to weak password requirements during user creation. The issue is located in the User Creation Page component, specifically with...

Mangati NovoSGA 安全漏洞

Mangati NovoSGA is a service management system from the Brazilian company Mangati. A security vulnerability exists in Mangati NovoSGA version 2.2.12 and earlier, which stems from incorrect manipulation of the parameter Senha/Confirmação da senha in the User Creation page, and could result in a we...

CVE-2025-30940

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in melipayamak Melipayamak melipayamak allows Stored XSS.This issue affects Melipayamak: from n/a through = 2.2.12...

WordPress plugin Melipayamak 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

CVE-2023-6064

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur...

CVE-2018-16216

A command injection missing input validation, escaping in the monitoring or memory status web interface in AudioCodes 405HD firmware 2.2.12 VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands like starting telnetd or opening a reverse shell...

WordPress plugin WhatsApp Click to Chat Plugin for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Sign-up Sheets 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)

Software SEUR Oficial Type Plugin Vulnerable versions = 2.2.11 Fixed in 2.2.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9438 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 09ee4a264f33 Credits vgo0 Required...

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46308 DESCRIPTION: Plotly plotly.js could allow a remote...

CVE-2023-4874 affecting package mutt for versions less than 2.2.12-1

CVE-2023-4874 affecting package mutt for versions less than 2.2.12-1. An upgraded version of the package is available that resolves this issue...