9 matches found
CVE-2025-12842
CVE-2025-12842 concerns the WordPress Booking Plugin for Appointments – Time Slot (timeslot) plugin. The vulnerability is an unauthenticated arbitrary email-sending flaw caused by missing validation on the tslot_appt_email AJAX action, allowing attackers to compose and send emails to arbitrary re...
PT-2025-46804
Name of the Vulnerable Software and Affected Versions: HasThemes WP Plugin Manager versions through 1.4.7 Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This allows an attacker to potentially perform actions on behalf of an authenticated user without their...
WordPress plugin Lazy Load Optimizer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A security...
ai-dynamo (=0.1.0), bento-sgl-router (>=0.0.1 <=0.0.6) +23 more potentially affected by CVE-2025-32375 via bentoml (>=1.0.0a7 <=1.4.7)
bentoml PYPI version =1.0.0a7, =0.0.1, =0.2.3, =0.1.0, =0.0.1, =1.0.1, =0.1.0, =0.2.0, =0.3.12, =0.0.1, =1.0.3, =1.0.4 and more Source cves: CVE-2025-32375 Source advisory: SNYK:PYTHON-BENTOML-9679274...
PT-2024-17575 · WordPress · Woocommerce Additional Fees On Checkout
Name of the Vulnerable Software and Affected Versions: WooCommerce Additional Fees On Checkout (Free) plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is related to Reflected Cross-Site Scripting via the number parameter due to insufficient input sanitization and...
WordPress WooCommerce Additional Fees On Checkout (Free) plugin <= 1.4.7 - Reflected Cross-Site Scripting via 'number' vulnerability
Reflected Cross-Site Scripting via 'number' vulnerability discovered by vgo0 in WordPress Plugin WooCommerce Additional Fees On Checkout (Free) versions <= 1.4.7...
PT-2024-35257 · Unknown · Reconstruction
Name of the Vulnerable Software and Affected Versions: ReConstruction versions 1.4.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For versions...
playSMS Security Vulnerabilities
playSMS is an open source SMS (Short Message Service) management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS 1.4.7 and earlier versions, which stems from the fact that manipulation of the parameters name/message can lead to basic...
OpenCart < 1.4.8 CSRF Vulnerability
OpenCart is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...