5 matches found
EUVD-2026-20453
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
PT-2026-31296
Name of the Vulnerable Software and Affected Versions: WCAPF – WooCommerce Ajax Product Filter versions up to and including 4.2.3. Description: The WooCommerce Ajax Product Filter plugin is susceptible to time-based SQL Injection through the post-author parameter. Insufficient input sanitization and...
CVE-2025-60102
CVE-2025-60102: Stored Cross-Site Scripting in WPFront User Role Editor for WordPress. Affected software: WPFront User Role Editor, version range up to and including 4.2.3. Root cause and impact: improper neutralization of input during web page generation leading to stored XSS. Public details in...
CVE-2025-0877 XSS in AtaksAPP's Reservation Management System
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting (XSS). This issue affects Reservation Management System: before 4.2.3...
Pydio Cross-Site Scripting Vulnerability
Pydio AjaXplorer is a web-based remote file manager from Pydio. The manager supports uploading and downloading files, online file editing, image previewing, and more. A security vulnerability exists in Pydio version 4.2.3, which can be exploited by an attacker to cause a cross-site scripting...