28 matches found
EUVD-2026-35315
The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
CVE-2026-8904 FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save
The FastPicker, an order picker and order management system oms for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 11, 2026 to May 17, 2026)
Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)
Last week, there were 87 vulnerabilities disclosed in 198 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
CVE-2026-41455
WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 19, 2026 to January 25, 2026)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 12, 2026 to January 18, 2026)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025)
Last week, there were 167 vulnerabilities disclosed in 152 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
BIT-GITLAB-2024-7803 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 24, 2025 to March 2, 2025)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the webhook integration process. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting malicious payloads into the webhook settings. Details Cross-site...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations are...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)
Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearchers...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...