65 matches found
CVE-2026-57396
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...
CVE-2026-57396
CVE-2026-57396 is a Stored XSS vulnerability in the WordPress Free Gifts for WooCommerce plugin (versions up to 13.1.0). It stems from improper input neutralization during web page generation and can affect the plugin’s output. The CVSS 3.1 vector indicates network attack, no privileges required,...
CVE-2026-57396 WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...
WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Free Gifts for WooCommerce versions = 13.1.0...
EUVD-2025-26900
Malicious code in bioql PyPI...
CVE-2025-58878
Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...
CVE-2025-58878
Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...
CVE-2025-58878 WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...
CVE-2025-58878 WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...
CVE-2025-58878
CVE-2025-58878 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Woocommerce Gifts Product, affecting versions up to 1.0.0. The initial and connected documents confirm the vulnerability type and affected product/versions, but do not specify a patched version or r...
WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin Woocommerce Gifts Product versions = 1.0.0...
WordPress plugin Woocommerce Gifts Product 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin...
PT-2025-36216
Name of the Vulnerable Software and Affected Versions: Woocommerce Gifts Product versions through 1.0.0 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations:...
CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success
The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success
The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Bonanza – WooCommerce Free Gifts Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
The Man behind the Sound: Demystifying Audio Private Attribute Profiling Via Multimodal Large Language Model Agents
Our research uncovers a novel privacy risk associated with multimodal large language models MLLMs: the ability to infer sensitive personal attributes from audio data -- a technique we term audio private attribute profiling. This capability poses a significant threat, as audio can be covertly...
CVE-2025-0687
The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2025-0688
The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2025-0688 Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS
The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...