WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme = 2.2.7 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Claue - Clean, Minimal Elementor WooCommerce Theme versions = 2.2.7...

CVE-2025-14075

CVE-2025-14075 affects the WP Hotel Booking plugin for WordPress (versions up to and including 2.2.7). The vulnerability exposes the unauthenticated AJAX action hotel_booking_fetch_customer_info without proper capability checks, relying only on a nonce. This allows unauthenticated attackers to re...

📄 Flowise 3.0.6 JS Parsing Injection

A JavaScript parsing injection vulnerability exists in Flowise versions prior to 3.0.6 and greater than 2.2.7-patch.1. ============================================================================================================================================= | Title : Flowise 3.0.6 JS Parsing...

CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Easy Elementor Addons versions = 2.2.7...

WordPress plugin JetTabs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin Child Themes Helper 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plug...

PT-2025-4734 · Wp E Commerce · Wpecommerce Sell Digital Downloads

Name of the Vulnerable Software and Affected Versions: wpecommerce Sell Digital Downloads versions 2.2.7 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

PT-2024-14154 · Woocommerce · Woocommerce Warranty Requests

Name of the Vulnerable Software and Affected Versions: WooCommerce Warranty Requests versions 2.2.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This vulnerability affects WooCommerce Warranty Requests from version n/...

CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

PT-2023-23633 · WordPress · Adastra Crypto Cryptocurrency Payment & Donation Box

Name of the Vulnerable Software and Affected Versions: Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free versions n/a through 2.2.7 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQ...

CVE-2022-31121

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

CMS Made Simple Remote Code Execution Vulnerability (CNVD-2018-08983)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A remote code execution vulnerability exists in th...

CMS Made Simple Information Disclosure Vulnerability (CNVD-2018-08918)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. An information disclosure vulnerability exists in...