WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Lorenzo Fradeani in WordPress Plugin WP Event SOlution versions = 4.1.8...

EUVD-2026-22231

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

MAL-2026-2537 Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

CVE-2026-22242

CVE-2026-22242 (CoreShop) affects CoreShop prior to 4.1.8. A blind SQL injection exists in the admin reports path, enabling an authenticated administrator to extract database contents via inputs such as the store parameter. Root cause: unsanitized user input is concatenated into a SQL query, allo...

EUVD-2026-1677

CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by th...

CVE-2025-62054

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through = 4.1.8...

EUVD-2021-11789

Malware in sbrugna...

EUVD-2025-9457

Malicious code in bioql PyPI...

EUVD-2022-0495

Malicious code in bioql PyPI...

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVE-2021-24877

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed...

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVE-2025-31580

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry ni-woocommerce-product-enquiry allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ni WooCommerce Product Enquiry: from n/a through = 4.1.8...

Mastodon < 4.1.8 Multiples Vulnerabilities

According to its self-reported version number, the Mastodon application running on the remote host is prior to 3.5.14 or 4.0.x prior to 4.0.10 or 4.1.x prior to 4.1.8. It is, therefore, affected by multiples vulnerabilities : - A Stored XSS through the translation feature - A Server-side request...

PT-2024-18116 · Ecshop · Ecshop

Name of the Vulnerable Software and Affected Versions: ECshop version 4.1.8 Description: A critical issue has been found in ECshop, affecting some unknown functionality of the file /admin/view sendlist.php. This issue leads to sql injection and can be exploited remotely. The exploit has been...

WordPress CMP - Coming Soon & Maintenance Plugin < 4.1.8 Improper Access Control Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:niteothemes:cmp"; ifdescription...

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

WordPress plugin Rezgo Online Booking 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...