3319 matches found
PT-2025-9068 · WordPress · Order Attachments For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Attachments for WooCommerce plugin for WordPress version 2.5.1 and earlier Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file...
WordPress plugin Order Attachments for WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2025-26897
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baden List Related Attachments list-related-attachments-widget allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through <= 2.1.6...
CVE-2025-26897 WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Baden List Related Attachments list-related-attachments-widget allows DOM-Based XSS. This issue affects List Related Attachments: from n/a through <= 2.1.6...
CVE-2025-26897
CVE-2025-26897 concerns a Cross-Site Scripting (DOM-based) vulnerability in the WordPress plugin List Related Attachments (vulnerable through 2.1.6). The issue stems from improper input neutralization during web page generation, enabling DOM‑based XSS when processing related attachments. Accordin...
PT-2025-7841 · Unknown · Baden List Related Attachments
Name of the Vulnerable Software and Affected Versions: Baden List Related Attachments versions n/a through 2.1.6 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically DOM-Based XSS...
WordPress List Related Attachments plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin List Related Attachments versions <= 2.1.6...
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of...
Spam and phishing in 2024
The year in figures: 27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam; 18% of all spam emails were sent from Russia; Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments; Our Anti-Phishing system thwarted 893,216,170 attempts to...
PT-2025-26481
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions 6.0.0 through 10.0.0 Description: The issue allows a specially crafted request to inject scripts in the "Activity Feed Attachments" endpoint, which will then render in the feed, resulting in a cross-site...
SUSE CVE-2023-38060
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue...
CVE-2024-13692
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
CVE-2024-13641
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...
CVE-2024-13606
CVE-2024-13606 relates to the WordPress plugin “JS Help Desk – The Ultimate Help Desk & Support Plugin.” According to the provided documents, all versions up to and including 2.8.8 are vulnerable to an Unauthenticated Sensitive Information Exposure via an insecure directory: /wp-content/uploads/j...
WordPress plugin JS Help Desk information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
...
CVE-2022-36096
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
CVE-2024-13829 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.8 - Unauthenticated Sensitive Information Exposure
The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract...