36429 matches found

NVD
added 2025/12/30 12:15 p.m., 2 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, EPSS 0.00098
Exploits 0, References 4

Vulnrichment
added 2025/12/30 11:14 a.m., 2 views

CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, AI score 6.4, EPSS 0.00098
Exploits 0, References 4

CVE
added 2025/12/30 11:14 a.m., 24 views

CVE-2025-14509

CVE-2025-14509 (Lucky Wheel for WooCommerce – Spin a Sale) is a PHP code injection flaw in the plugin that uses eval() to execute unsanitized input from the Conditional Tags setting. It affects all versions up to 1.1.13, enabling authenticated attackers with Administrator-level access (and, in Wo...

CVSS 7.2, AI score 6.4, EPSS 0.00098
Exploits 0, References 4

EUVD
added 2025/12/30 11:14 a.m., 3 views

EUVD-2025-205769

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, AI score 6.3, EPSS 0.00098
Exploits 0, References 6

Cvelist
added 2025/12/30 11:14 a.m., 23 views

CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, EPSS 0.00098
Exploits 0, References 4

Snyk
added 2025/12/30 12:4 a.m., 1 view

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection when operating in Restricted Mode, which is enabled for untrusted workspaces. Remediation: Upgrade github.com/golang/vscode-go/extension to version 0.52.0-rc.1 or higher. References: GitHub ChangeLog, GitHub...

CVSS 5.4, AI score 7.2, EPSS 0.00024
Exploits 1, References 2

CNNVD
added 2025/12/30 12:0 a.m., 1 view

work_platform code injection vulnerability

workplatform is a development framework by the individual developer zhujunliang. A code injection vulnerability exists in workplatform, which stems from an error in the component Content Handler that could lead to a cross-site scripting attack...

CVSS 5.1, AI score 4.8, EPSS 0.00022
Exploits 0, References 3

CNNVD
added 2025/12/30 12:0 a.m., 2 views

CacheCloud code injection vulnerability

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the functions doMachineList and doPodList in the file...

CVSS 5.4, AI score 4.7, EPSS 0.00038
Exploits 1, References 6

CNNVD
added 2025/12/30 12:0 a.m., 4 views

CacheCloud code injection vulnerability

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function index in the file...

CVSS 5.4, AI score 4.7, EPSS 0.00025
Exploits 1, References 4

CNNVD
added 2025/12/30 12:0 a.m., 5 views

WordPress plugin Lucky Wheel for WooCommerce – Spin a Sale code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

CVSS 7.2, AI score 7.4, EPSS 0.00098
Exploits 0, References 4

CNNVD
added 2025/12/30 12:0 a.m., 0 views

CampCodes Park Ticketing System code injection vulnerability

CampCodes Park Ticketing System is a park ticketing system from CampCodes Philippines. A code injection vulnerability exists in CampCodes Park Ticketing System version 1.0, which stems from an incorrect manipulation of the parameter Name of the function savepricing in the file adminclass.php, whi...

CVSS 4.8, AI score 4.1, EPSS 0.00014
Exploits 1, References 6

Positive Technologies
added 2025/12/30 12:0 a.m., 3 views

PT-2025-53921

Name of the Vulnerable Software and Affected Versions: Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress versions up to and including 1.1.13. Description: The software contains a PHP Code Injection issue stemming from the use of eval to process user-provided input from the 'Conditional...

CVSS 7.2, AI score 7.3, EPSS 0.00098
Exploits 0, References 6

CNNVD
added 2025/12/30 12:0 a.m., 4 views

CacheCloud code injection vulnerability

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the init function in the file src/main/java/com/sohu/cache/web/controller/LoginController.java, which...

CVSS 6.1, AI score 4.9, EPSS 0.00032
Exploits 1, References 4

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-54176

Name of the Vulnerable Software and Affected Versions: 08CMS Novel System versions up to 3.4. Description: A security issue exists in 08CMS Novel System related to the processing of the admina/mtpls.inc.php file within the Template Handler component. This manipulation can lead to code injection, and...

CVSS 5.8, AI score 6.2, EPSS 0.00032
Exploits 0, References 6

CNNVD
added 2025/12/30 12:0 a.m., 3 views

product-review code injection vulnerability

product-review is a product review system by the individual developer sunhailin12315. A code injection vulnerability exists in product-review, which stems from the incorrect manipulation of the parameter content in the component Write a Review, which could lead to a cross-site scripting attack...

CVSS 5.1, AI score 4.8, EPSS 0.00022
Exploits 0, References 3

CNNVD
added 2025/12/30 12:0 a.m., 3 views

08CMS Novel System code injection vulnerability

08CMS Novel System is a novel system of China Dingdot 08CMS company. A code injection vulnerability exists in 08CMS Novel System 3.4 and earlier versions, which stems from incorrect manipulation of the file admina/mtpls.inc.php in the component Template Handler, which can lead to code injection...

CVSS 5.8, AI score 5.4, EPSS 0.00032
Exploits 0, References 3

EUVD
added 2025/12/29 6:30 p.m., 1 view

EUVD-2025-205596

Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through 1.2...

CVSS 9.9, AI score 6.5, EPSS 0.00055
Exploits 0, References 2

RedhatCVE
added 2025/12/29 6:3 p.m., 1 view

CVE-2025-15148

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

CVSS 7.2, AI score 4.8, EPSS 0.00044
Exploits 1, References 1

NVD
added 2025/12/29 4:15 p.m., 1 view

CVE-2025-68897

Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode (if-as-shortcode) allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9, EPSS 0.00055
Exploits 0, References 1

Cvelist
added 2025/12/29 3:55 p.m., 27 views

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode (if-as-shortcode) allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9, EPSS 0.00055
Exploits 0, References 1