14 matches found
CVE-2026-40488
Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...
CVE-2026-40488
Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...
CVE-2025-49300
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8...
CVE-2025-49300 WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8...
CVE-2025-49300
CVE-2025-49300 affects WordPress plugin Traveler Option Tree (shinetheme) up to version 2.8. The vulnerability arises from insertion of sensitive information into data that is sent, enabling retrieval of embedded sensitive data from the custom-option-tree component. Affected versions are through ...
PT-2025-51378
Name of the Vulnerable Software and Affected Versions: shinetheme Traveler Option Tree versions through 2.8 Description: A flaw exists in shinetheme Traveler Option Tree that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. The issue is...
CVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
Summary: In Maho 25.7.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user can use the field to upload malicious PHP files, gaini...
GHSA-VGMM-27FC-VMGP Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
Summary: In Maho 25.7.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user can use the field to upload malicious PHP files, gaini...
CVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
CVE-2025-58449 Maho Vulnerable to Authenticated Remote Code Execution via File Upload
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
CVE-2025-58449 Maho Vulnerable to Authenticated Remote Code Execution via File Upload
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
CVE-2025-58449
CVE-2025-58449 affects Maho prior to 25.9.0. An authenticated staff user with Dashboard and Catalog\Manage Products permissions can create a custom option with a file input and, by whitelisting a ".php" extension, upload PHP files that are written to a predictable webroot path and can be executed...
PT-2025-36514
Name of the Vulnerable Software and Affected Versions: Maho versions prior to 25.9.0 Description: Maho is a free and open source ecommerce platform. An authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file...