23 matches found
WordPress Order Minimum/Maximum Amount Limits for WooCommerce plugin <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields vulnerability discovered by whizzu in WordPress Plugin Order Minimum/Maximum Amount Limits for WooCommerce versions <= 4.6.8...
CVE-2025-67091
An issue exists in GL.iNet AX1800 versions 4.6.4 and 4.6.8, in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...
GL.iNet AX1800 Security Vulnerability
The GL.iNet AX1800 is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet AX1800 versions 4.6.4 and 4.6.8, which stems from a race condition in the opkg wrapper script that could lead to elevated privileges...
CVE-2025-62015
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...
EUVD-2025-35390
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...
CVE-2025-62015 WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8...
CVE-2024-2347
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2024-37316
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...
PT-2024-27473 · Nextcloud · Nextcloud Calendar
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar versions prior to 4.6.8 Nextcloud Calendar versions prior to 4.7.2 Description: The issue allows authenticated users to create an event with manipulated attachment data, leading to a bad redirect for participants when...
PT-2024-19888 · WordPress · Astra
Name of the Vulnerable Software and Affected Versions: Astra theme for WordPress versions up to, and including, 4.6.8 Description: The issue is related to Stored Cross-Site Scripting via a user's display name due to insufficient input sanitization and output escaping. This allows authenticated...
Medium: ipa
Issue Overview: A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. CVE-2024-1481 Affected Packages: ipa Note: This advisory ...
Malicious code in casino-prismic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 906aeb8612a57f084f489c6478da61b9c148272104fed2d5838a07b97704cd26 The OpenSSF Package Analysis project identified 'casino-prismic' @ 4.6.8 npm as malicious. It is considered malicious because: - The package...
CVE-2023-45640
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions...
WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS)
Software: WP ULike; Type: Plugin; Vulnerable versions: <= 4.6.8; Fixed in: 4.6.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-45640; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: fea9db9362c7; Credits: Rafshanzani Suhada...
WordPress YouTube Playlist Player Plugin <= 4.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: YouTube Playlist Player; Type: Plugin; Vulnerable versions: <= 4.6.7; Fixed in: 4.6.8; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-45049; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: a841ece82073; Credits: yuyudhn; Require...
Openfire Authentication Bypass / Remote Code Execution Exploit
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...
Administration Console authentication bypass in openfire xmppserver
An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact: Openfire's administrative console (the Admin Console), a web-based application, was found to be...
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Exploit Title: Joomla! Component J-BusinessDirectory v4.6.8 - SQL Injection Google Dork: inurl:index.php?option=comjbusinessdirectory Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy: http://www.cmsjunkie.com/ajax/index/options/productid/73/ Demo:...