79 matches found
CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
CVE-2026-39701 WordPress ShopWP plugin <= 5.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4...
EUVD-2026-18971
The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpscdisplayproduct' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2026-30308
Name of the Vulnerable Software and Affected Versions: The Simple Shopping Cart plugin for WordPress versions up to and including 5.2.4. Description: The Simple Shopping Cart plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wpsc display product' shortcode. Insufficient...
CVE-2026-30964 Webauthn Framework: allowed_origins collapses URL-like origins to host-only values, bypassing exact origin validation
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CVE-2026-30964
The connected GHSA entry describes a concrete vulnerability in Webauthn Framework: when allowed_origins is configured, CheckAllowedOrigins reduces URL-like origins to their host, causing mismatched origins (scheme/port) to be treated as the same host. This bypasses the strict origin validation re...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
CVE-2022-23314
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do...
PT-2026-1479
Name of the Vulnerable Software and Affected Versions: Ninja Tables versions through 5.2.4. Description: A flaw exists in Ninja Tables that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an attacker to...
CVE-2025-68561 WordPress AutomatorWP plugin <= 5.2.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.4...
EUVD-2025-204793
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP allows SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.4...
CVE-2025-68561
CVE-2025-68561 concerns the WordPress AutomatorWP plugin (versions up to 5.2.4). The vulnerability stems from improper neutralization of special elements in SQL commands, caused by lack of validation of externally supplied SQL statements, enabling SQL injection. Public sources in connected docume...
WordPress plugin AutomatorWP SQL injection vulnerability
WordPress AutomatorWP plugin is an open source automation plugin designed for WordPress that allows users to connect different WordPress plugins, sites and applications in a code-free way to create automated workflows. WordPress AutomatorWP plugin suffers from a SQL injection vulnerability that...
CVE-2025-1031
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...
CVE-2025-13135
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13135 HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13135
CVE-2025-13135: HotelRunner Booking Widget (WordPress) is affected by Stored Cross-Site Scripting via the hotelrunner shortcode in versions
WordPress plugin HotelRunner Booking Widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A cross-site...
CVE-2016-15053 Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...