EUVD-2025-203206

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce...

CVE-2025-14365

The Eyewear prescription form plugin for WordPress (WordPress Eyewear prescription form) is affected by CVE-2025-14365. A Missing Authorization flaw in the RemoveItems AJAX action exists in all versions up to 6.0.1, enabling unauthenticated attackers to delete arbitrary WooCommerce product catego...

CVE-2025-14365 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce...

EUVD-2018-19300

Malware in sbrugna...

CVE-2018-7579

\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...

Joomla OS Property component 'catIds' parameter SQL injection vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'catIds' parameter of the Joomla OS Property component, which allows remote, unauthenticated attackers to execute arbitrary SQL commands via the catIds parameter...