PT-2026-4571

The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authentication and authorization checks in the 'handle checkout redirecturl response' function. This makes it...

WordPress WP Editor Plugin <= 1.2.9 is vulnerable to PHP Object Injection

Software WP Editor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.9.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2446 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 2c7bc2d905b6 Credits Rasoul Jahanshahi Required privilege...

WordPress Qi Blocks Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Qi Blocks Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5221 Patch priority Low CVSS severity Low 5.9 Developer Qode Interactive PSID 7421a294030a Credits wesley wcraft Required...

CVE-2022-29451

Cross-Site Request Forgery CSRF leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin = 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory...