2612 matches found
WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read
WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...
News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...
JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. id: CVE-2017-5983 info: name:...
CVE-2026-9725
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-9725 Printcart Web to Print Product Designer for WooCommerce <= 2.5.2 - Unauthenticated Arbitrary File Deletion
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-9725
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-34104
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
EUVD-2026-41052
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
CVE-2026-34096
Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...
CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
CVE-2026-9836
IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 is affected by CVE-2026-9836, an information-disclosure vulnerability in the DataStage Flow Designer application (CWE-200). Reported base score varies by source (NVD lists 7.5 HIGH overall but IBM notes a CVSS v3.1 base score of 3.5, LOW). The u...
CVE-2026-9836 IBM DataStage Flow Designer application is affected by an information disclosure vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
Security Bulletin: IBM Integration Designer is vulnerable to multiple CVEs
Summary Multiple vulnerabilities are resolved: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-34268 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2026-57329
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
EUVD-2026-40100
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57329 WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57329
CVE-2026-57329 describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WooCommerce Designer Pro plugin up to version 1.9.34. CVSS v3.1 base score 6.5 (attackVector: NETWORK, attackComplexity: LOW, privilegesRequired: LOW, userInteraction: REQUIRED, scope: CHANGED, confidentiality/i...
CVE-2026-57329
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Designer Pro versions = 1.9.34...
PT-2026-53290
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions prior to 1.9.35 Description Cross Site Scripting XSS allows an attacker with subscriber privileges to execute malicious scripts in the browser of other users. Recommendations Update WooCommerce Designer Pro to...