20 matches found

RedhatCVE
added 2026/03/26 3:2 p.m. | 0 views

CVE-2026-32261

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 1

NVD
added 2026/03/16 7:16 p.m. | 3 views

CVE-2026-32261

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | EPSS 0.00017
Exploits: 0 | References: 2

CVE
added 2026/03/16 6:50 p.m. | 2 views

CVE-2026-32261

The CVE concerns the Craft CMS Webhooks plugin. Versions 3.0.0–3.1.x render user-supplied Twig template content with Twig renderString() without sandbox protection, allowing an authenticated user with access to the Craft control panel and plugin permissions to inject Twig code that can call arbit...

CVSS 8.5 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/16 6:50 p.m. | 2 views

CVE-2026-32261 RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 2

Cvelist
added 2026/03/16 6:50 p.m. | 21 views

CVE-2026-32261 RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | EPSS 0.00017
Exploits: 0 | References: 2

OSV
added 2026/03/16 6:50 p.m. | 1 views

CVE-2026-32261 RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | AI score 6.1 | EPSS 0.00017
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/16 6:11 p.m. | 6 views

RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

The Webhooks plugin renders user-supplied template content through Twig’s renderString function without sandbox protection. This allows an authenticated user with access to the Craft control panel and permissions to access the Webhooks plugin to inject Twig template code that calls arbitrary PHP...

CVSS 8.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/16 6:11 p.m. | 1 views

GHSA-8WG7-WM29-2RVG RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin

The Webhooks plugin renders user-supplied template content through Twig’s renderString function without sandbox protection. This allows an authenticated user with access to the Craft control panel and permissions to access the Webhooks plugin to inject Twig template code that calls arbitrary PHP...

CVSS 8.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 4

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft Studio. There is a security vulnerability in Craft CMS, which stems from the lack of sandbox protection in the rendering of template content provided by users through the Webhooks plugin. This vulnerability could allow...

CVSS 8.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/16 12:0 a.m. | 1 views

PT-2026-25802

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVSS 8.5 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 3

CVE
added 2025/12/18 7:22 a.m. | 9 views

CVE-2025-66074

CVE-2025-66074 (WP Webhooks) is a real vulnerability in the WP Webhooks plugin by Cozmoslabs, allowing unauthenticated arbitrary file upload via path traversal in the wp-webhooks endpoint. Affected versions are WP Webhooks

CVSS 9 | AI score 6.6 | EPSS 0.00046
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/21 12:29 p.m. | 2 views

CVE-2025-66073 WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection. This issue affects WP Webhooks: from n/a through <= 3.3.8...

CVSS 7.2 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-54505

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.00233
Exploits: 0 | References: 2

NVD
added 2025/08/21 8:15 a.m. | 4 views

CVE-2025-8895

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to arbitrary locations...

CVSS 9.8 | EPSS 0.00488
Exploits: 0 | References: 3

CVE
added 2025/08/21 7:26 a.m. | 22 views

CVE-2025-8895

CVE-2025-8895 affects the WP Webhooks plugin for WordPress. It allows unauthenticated arbitrary file copy due to missing input validation in all versions up to and including 3.3.5, enabling access to sensitive files (e.g., wp-config.php) and database credentials. The vulnerability is rated critic...

CVSS 9.8 | AI score 6.9 | EPSS 0.00488
Exploits: 0 | References: 3

Patchstack
added 2025/08/20 10:45 p.m. | 7 views

WordPress WP Webhooks plugin <= 3.3.5 - Unauthenticated Arbitrary File Copy vulnerability

Unauthenticated Arbitrary File Copy vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.5...

CVSS 9.8 | AI score 6.8 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/05/01 5:15 a.m. | 6 views

CVE-2024-13845

The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

CVSS 5.5 | EPSS 0.00233
Exploits: 0 | References: 2

OSV
added 2025/05/01 5:15 a.m. | 0 views

CVE-2024-13845

The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...

CVSS 5.5 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 2

CVE
added 2025/05/01 4:22 a.m. | 63 views

CVE-2024-13845

CVE-2024-13845: Gravity Forms WebHooks (WordPress) is vulnerable to SSRF via GF_Webhooks::process_feed in all versions ≤ 1.6.0. Requires authenticated Admin+ access; can trigger requests to internal/internal-service locations. Remediation exists (patched in the records); upgrade to a fixed versi...

CVSS 5.5 | AI score 5.4 | EPSS 0.00233
Exploits: 0 | References: 2 | Affected Software: 1

Adobe
added 2024/06/11 12:0 a.m. | 106 views

APSB24-40 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce, Magento Open Source and Adobe Commerce Webhooks Plugin. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and privilege escalation...

AI score 7.9
Exploits: 0 | Affected Software: 3