75 matches found
CVE-2025-14294
The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...
PT-2026-20614
Name of the Vulnerable Software and Affected Versions: Razorpay for WooCommerce plugin for WordPress versions through 4.7.8. Description: The Razorpay for WooCommerce plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the getCouponList function,...
EUVD-2025-25360
Malicious code in bioql PyPI...
CVE-2025-43803
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
PT-2025-37809
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7; macOS versions prior to Sonoma 14.8; macOS versions prior to Tahoe 26. Description: A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access contact in...
CVE-2025-49891
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: from n/a through <= 1.3.3...
CVE-2025-49891 WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in riotweb Contact Info Widget allows Stored XSS. This issue affects Contact Info Widget: from n/a through 2.6.2...
CVE-2025-49891
CVE-2025-49891 is a SQL Injection vulnerability in the WordPress plugin Uxper Booking (uxper-booking), allowing Blind SQL Injection. It affects versions up to and including 1.3.3. The issue stems from improper neutralization of input in SQL commands, with CVSS 3.1 vector indicating network atta...
CVE-2025-49891 WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: from n/a through <= 1.3.3...
WordPress plugin Contact Info Widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-33959 · Unknown · Riotweb Contact Info Widget
Name of the Vulnerable Software and Affected Versions: riotweb Contact Info Widget versions through 2.6.2. Description: Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS). Recommendations: Update to a version later than 2.6.2...
WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Contact Info Widget versions <= 2.6.2...
CVE-2024-29413
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...
CVE-2024-9952
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=systeminfo/contactinfo of the component Contact Information Page. The manipulation of the argument Address leads to cross site...
CVE-2024-12982
A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The...
PHPGurukul Blood Bank & Donor Management security vulnerability
PHPGurukul Blood Bank & Donor Management is a blood bank and donor management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Blood Bank & Donor Management version 2.4, which originates from a cross-site scripting vulnerability contained in the Address parameter of the...
CVE-2024-11420
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-11420
CVE-2024-11420 (Blocksy): The WordPress Blocksy theme is vulnerable to Stored Cross-Site Scripting via the Contact Info Block's link parameter in all versions up to 2.0.77. An attacker with Contributor-level access or higher can inject scripts that execute when users view the page containing the...