WordPress YML for Yandex Market plugin < 5.0.26 - Shop Manager+ RCE via Feed Generation vulnerability

Shop Manager+ RCE via Feed Generation vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YML for Yandex Market versions 5.0.26...

PT-2026-31880

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

WordPress plugin YML for Yandex Market 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-32567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through 5.3.0...

CVE-2026-32567

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through 5.3.0...

CVE-2026-32567

CVE-2026-32567 affects the WordPress plugin WordPress YML for Yandex Market (

CVE-2026-32567 WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through 5.3.0...

PT-2026-28061

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through 5.3.0...

CVE-2026-29075

CVE-2026-29075 affects Mesa (Python library for agent‑based modeling). In versions up to 3.5.0, checking out untrusted code in the benchmarks.yml workflow can lead to code execution in a privileged runner. The issue has been patched in commit c35b8cd. No exploitation details are provided beyond t...

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json...

CVE-2025-64232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through = 3.1.17...

EUVD-2025-38059

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through = 3.1.17...

CVE-2025-64232

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through = 3.1.17...

CVE-2025-64232 WordPress Import from YML plugin <= 3.1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through = 3.1.17...

CVE-2025-64232

CVE-2025-64232 affects the WordPress Import from YML plugin (versions through 3.1.17). The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper neutralization of input during web page generation, enabling attacker-controlled input to be reflected in resulting pages. Imp...

WordPress plugin Import from YML 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +62 more potentially affected by unknown CVE via serde_yml (>=0.0.10 <=0.0.12)

serdeyml CARGO version =0.0.10, =0.1.4, =0.2.0, =0.33.0, =0.3.0, =0.1.5, =0.9.0, =0.3.0, =0.10.0, =0.3.2, =0.1.0, =1.2.0, =1.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HHW4-XG65-FP2X...

CVE-2023-30473

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maxim Glazunov YML for Yandex Market plugin = 3.10.7 versions...

DRUPAL-CONTRIB-2025-060

This module enables you to seamlessly migrate and deploy content across environments, eliminating manual steps. It simplifies the process by exporting content to a YML file or a ZIP archive, which can be imported into another environment effortlessly. While the export feature rightfully bypasses...

CVE-2024-9378

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...