
121 matches found

Vulnrichment
added 2025/11/18 8:27 a.m., 4 views

CVE-2025-12411 Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

7.1 CVSS | 6.3 AI score | 0.00221 EPSS
Exploits 0 | References 4
CVE
added 2025/11/18 8:27 a.m., 14 views

CVE-2025-12411

CVE-2025-12411 affects the Premmerce Wholesale Pricing for WooCommerce plugin (WordPress). It is an authenticated SQL Injection via the ID parameter in versions

7.1 CVSS | 6.3 AI score | 0.00221 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47258

Name of the Vulnerable Software and Affected Versions Premmerce Wholesale Pricing for WooCommerce plugin for WordPress versions up to and including 1.1.10 Description The software contains a SQL Injection issue due to insufficient escaping of user-supplied parameters and inadequate preparation of...

7.1 CVSS | 6.9 AI score | 0.00221 EPSS
Exploits 0 | References 6
RedhatCVE
added 2025/11/13 1:0 a.m., 4 views

CVE-2025-57310

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads=1 allowing attackers to execute arbitrary code...

8.8 CVSS | 7.5 AI score | 0.00215 EPSS
Exploits 3 | References 1
OSV
added 2025/11/12 7:15 p.m., 4 views

CVE-2025-57310

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code...

8.8 CVSS | 6.1 AI score | 0.00215 EPSS
Exploits 3 | References 2
OSV
added 2025/11/07 5:16 a.m., 4 views

CVE-2025-4522

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the adminpostdonordelete function in versions 2.0.0 to 2.1.9. By supplying an arbitrary userid parameter value to the wpdeleteuser function, authenticated...

6.5 CVSS | 5.9 AI score | 0.00222 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-8085

Malware in sbrugna...

6.1 CVSS | 5.5 AI score | 0.00865 EPSS
Exploits 1 | References 2
NVD
added 2025/10/04 4:16 a.m., 7 views

CVE-2025-9886

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This...

4.3 CVSS | 0.0018 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/10/04 12:0 a.m., 7 views

PT-2025-40624

Name of the Vulnerable Software and Affected Versions Trinity Audio – Text to Speech AI audio player plugin for WordPress versions prior to 5.20.2 Description The software is susceptible to Cross-Site Request Forgery. This is because of a lack of, or incorrect, nonce validation in the...

4.3 CVSS | 6.4 AI score | 0.0018 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-25275

Malicious code in bioql PyPI...

5.1 CVSS | 6.3 AI score | 0.0018 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25765

Malicious code in bioql PyPI...

6.1 CVSS | 4.9 AI score | 0.00334 EPSS
Exploits 1 | References 4
RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-9432

A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been...

6.1 CVSS | 3.8 AI score | 0.00334 EPSS
Exploits 1 | References 1
OSV
added 2025/08/26 1:15 a.m., 1 views

CVE-2025-9432

A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been...

6.1 CVSS | 3.9 AI score | 0.00334 EPSS
Exploits 1 | References 4
Vulnrichment
added 2025/08/26 12:32 a.m., 3 views

CVE-2025-9432 mtons mblog Admin Panel list cross site scripting

A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been...

5.3 CVSS | 4.3 AI score | 0.00334 EPSS
Exploits 1 | References 4
CVE
added 2025/08/26 12:32 a.m., 18 views

CVE-2025-9432

CVE-2025-9432 affects mtons mblog up to version 3.5.0, specifically the Admin Panel component in /admin/post/list where manipulating the Title argument enables cross-site scripting. The vulnerability can be triggered remotely and has been publicly disclosed. Exploitation details are not provided ...

6.1 CVSS | 6.4 AI score | 0.00334 EPSS
Exploits 1 | References 4 | Affected Software 1
CNNVD
added 2025/08/26 12:0 a.m., 3 views

mblog security vulnerability

mblog is a blogging system by langhsu personal developer. A security vulnerability exists in mblog 3.5.0 and earlier versions, which originates from a cross-site scripting attack due to a mishandling of the Title parameter in the file /admin/post/list...

6.1 CVSS | 4.5 AI score | 0.00334 EPSS
Exploits 1 | References 5
NVD
added 2025/08/20 1:15 p.m., 5 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

5.1 CVSS | 0.00124 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/08/20 12:0 a.m., 5 views

PT-2025-34051

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an...

5.1 CVSS | 6.4 AI score | 0.0018 EPSS
Exploits 0 | References 7
OSV
added 2025/06/12 3:15 a.m., 2 views

CVE-2025-6009

A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been...

7.2 CVSS | 5.7 AI score
Exploits 0 | References 4
OSV
added 2025/06/12 2:15 a.m., 2 views

CVE-2025-6006

A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. T...

7.2 CVSS | 5.7 AI score
Exploits 0 | References 6