Lucene search
K

4 matches found

EUVD
EUVD
added 2026/03/21 12:31 a.m.14 views

EUVD-2026-13814

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References4
CVE
CVE
added 2026/03/11 2:19 a.m.17 views

CVE-2026-21292

Adobe Commerce (Magento) is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-21292) in multiple 2.4.x releases: 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier. Root cause: improper input validation allowing injection of malicious scripts into ...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/14 8:27 p.m.20 views

CVE-2025-54266

CVE-2025-54266 affects Adobe Commerce (Magento Open Source) versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier. The issue is a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vu...

4.8CVSS5.2AI score0.00252EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/14 1:16 p.m.4 views

WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI Patchstack Alliance in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.4.9...

4.4CVSS7.3AI score0.00244EPSS
Exploits0Affected Software1
Rows per page
Query Builder