Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

EUVD-2006-4789

Malware in sbrugna...

EUVD-2024-2716

Malicious code in bioql PyPI...

CVE-2024-1489

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

CVE-2025-47682

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection.This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.8.2...

CVE-2025-47682 WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.8.1...

WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via saverify Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin SMS Alert Order Notifications versions = 3.8.1...

CVE-2025-3878

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's saverify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-3876

CVE-2025-3876 affects SMS Alert Order Notifications – WooCommerce (WordPress). The vulnerability is a Privilege Escalation due to insufficient OTP validation in handleWpLoginCreateUserAction(), affecting all versions up to 3.8.1. Authenticated users with Subscriber+ access can impersonate other a...

CVE-2025-3876 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with...

PT-2025-20621 · WordPress · Sms Alert Order Notifications

Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.8.1 Description: The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient...

CVE-2025-26988

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.7.8...

CVE-2025-26988 WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.7.8...

CVE-2024-10581

creationtimestamp| type| source ---|---|--- 2025-02-15 11:29:27+00:00| seen| https://infosec.exchange/users/cve/statuses/114007668628837902 2025-02-15 12:15:53+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li7p2domhr2i 2025-02-15 13:11:17+00:00| seen|...

CVE-2025-0740

creationtimestamp| type| source ---|---|--- 2025-01-30 11:16:00+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxeajuefg2h 2025-01-30 11:30:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113917075552632233 2025-01-30 12:59:36+00:00| seen|...

CVE-2024-57650

creationtimestamp| type| source ---|---|--- 2025-01-14 01:08:16+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1439 2025-01-14 01:17:22+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfo3depnj52n 2025-01-14 02:31:33+00:00| seen|...

CVE-2025-22134

creationtimestamp| type| source ---|---|--- 2025-01-13 20:47:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113823005501409680 2025-01-13 20:50:01+00:00| seen| https://infosec.exchange/users/cR0w/statuses/113823016558641219 2025-01-13 21:12:13+00:00| seen|...

CVE-2024-56250

creationtimestamp| type| source ---|---|--- 2025-01-02 12:21:08+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2ta73nl25 2025-01-02 12:42:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ler3zpvkyj2e 2025-01-02 14:15:20+00:00| seen|...

CVE-2024-53188

creationtimestamp| type| source ---|---|--- 2024-12-27 14:16:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6iaxavo22 2024-12-27 15:22:02+00:00| seen| https://infosec.exchange/users/cve/statuses/113725467667751524...

PT-2024-16130 · WordPress · Sms Alert Order Notifications

Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sa subscribe shortcode due to insufficient input...