WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Simple Membership versions = 4.7.1...

CVE-2025-28886

Cross-Site Request Forgery CSRF vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through = 5.1.2...

PT-2025-5524 · Unknown · Gwolle Guestbook

Name of the Vulnerable Software and Affected Versions: Gwolle Guestbook versions through 4.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

WordPress plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF Invoices,...

PT-2023-24856 · Wpclever · Wpc Smart Wishlist For Woocommerce

Name of the Vulnerable Software and Affected Versions: WPClever WPC Smart Wishlist for WooCommerce plugin versions = 4.7.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

baserCMS 跨站脚本漏洞

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A cross-site scripting vulnerability exists in baserCMS 4.7.1 and earlier versions, which can be exploited by an attacker to execute malicious JavaScript code that may alter the display of a page or disclose...