103 matches found
PT-2025-50009
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...
WordPress WP-CRM System plugin <= 3.4.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP-CRM System versions = 3.4.6...
EUVD-2025-17281
Malicious code in bioql PyPI...
EUVD-2025-13755
Malicious code in bioql PyPI...
EUVD-2024-52891
Malicious code in bioql PyPI...
EUVD-2024-28355
Malicious code in bioql PyPI...
CVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
CRMEB 授权问题漏洞
CRMEB is a Java mall system of CRMEB open source. An authorization issue vulnerability exists in CRMEB 5.6.1 and earlier versions, which stems from improper manipulation of the parameter ID of the function editAddress in the file app/services/user/UserAddressServices.php, which could lead to...
CVE-2025-49270
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...
CVE-2025-49270
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...
CVE-2025-49270
CVE-2025-49270 is a Missing Authorization vulnerability in WP-CRM System (affected: up to 3.4.2) where ACL checks fail to constrain access to certain functionality. Red Hat lists it as Missing Authorization; Wordfence notes the CVE in WP-CRM System and marks it as patched in a newer release. Publ...
CVE-2025-49270 WordPress WP-CRM System plugin <= 3.4.2 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP-CRM System: from n/a through = 3.4.2...
WordPress plugin WP-CRM System 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-24215 · Mario Peshev · Wp-Crm System
Name of the Vulnerable Software and Affected Versions: Mario Peshev WP-CRM System versions 3.4.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This means that...
CVE-2024-30434
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9...
CVE-2024-55991
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.2.9.1...
CVE-2025-47629
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...
CVE-2025-47629
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...
CVE-2025-47629 WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...
CVE-2025-47629 WordPress WP-CRM System <= 3.4.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1...