29 matches found
EUVD-2025-10546
Malicious code in bioql PyPI...
EUVD-2023-0327
Malicious code in bioql PyPI...
CVE-2023-22734
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt-in process. As a result operators may have inconsistencies in their newsletter systems. This...
CVE-2025-32378
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
CVE-2025-32378
Shopware CVE-2025-32378 affects Shopware open source platforms prior to 6.6.10.3 and 6.5.8.17, where default double-opt-in newsletter settings allow mass sign-ups without confirmation. With Newsletter: Double Opt-in active and related disabled options, anyone can register using any email and opt ...
Shopware default newsletter opt-in settings allow for mass sign-up abuse
Impact: Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active; Newsletter: Double opt-in for registered customers - disabled; Log-in & sign-up: Double opt-in on sign-up - disabled...
PT-2025-15708 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The issue concerns the default settings for double-opt-in in Shopware, which allows for mass unsolicited newsletter sign-ups without confirmation...
Improper Validation
Shopware is vulnerable to Improper Validation. The vulnerability exists because the library does not properly validate the double opt-in setting in the newsletter route, allowing an attacker to skip the complete double opt-in process...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt-in process. As a result operators may have inconsistencies in their newsletter systems. This...
CVE-2023-22734
CVE-2023-22734 concerns an improper validation of the newsletter double opt-in in Shopware. The vulnerability arises from the newsletter route not correctly enforcing double opt-in, potentially causing inconsistencies in newsletter systems. Documents indicate the issue has been fixed in version 6...
CVE-2023-22734 Improper Input Newsletter subscription option validation in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt-in process. As a result operators may have inconsistencies in their newsletter systems. This...
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/...
CVE-2015-7517
CVE-2015-7517 affects the WordPress plugin Double Opt-In for Download (public/includes/ files) with SQL injection via the ver parameter in class-doifd-download.php and class-doifd-landing-page.php. Affected versions are prior to 2.0.9. Root cause is improper handling of user-supplied ver data ena...
WordPress plugin double-opt-in-for-download has multiple cross-site scripting vulnerabilities
double-opt-in-for-download is a WordPress plugin that is used to capture the name and email address of visitors by offering a free download to the user's visitors in exchange for their email address with the Double Opt-In plugin! WordPress plugin double-opt-in-for-download has an XSS vulnerabilit...