Lucene search
+L

65 matches found

NVD
NVD
added 5 days ago3 views

CVE-2026-57396

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-57396

CVE-2026-57396 is a Stored XSS vulnerability in the WordPress Free Gifts for WooCommerce plugin (versions up to 13.1.0). It stems from improper input neutralization during web page generation and can affect the plugin’s output. The CVSS 3.1 vector indicates network attack, no privileges required,...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57396 WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Flintop Free Gifts for WooCommerce free-gifts-for-woocommerce allows Stored XSS.This issue affects Free Gifts for WooCommerce: from n/a through = 13.1.0...

7.1CVSS0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 9:39 a.m.5 views

WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Free Gifts for WooCommerce versions = 13.1.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-26900

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00137EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/07 2:33 p.m.5 views

CVE-2025-58878

Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...

6.5CVSS5.9AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 2:16 p.m.15 views

CVE-2025-58878

Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...

6.5CVSS0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.3 views

CVE-2025-58878 WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...

6.5CVSS5.1AI score0.00137EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.17 views

CVE-2025-58878 WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through = 1.0.0...

6.5CVSS0.00137EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 1:45 p.m.20 views

CVE-2025-58878

CVE-2025-58878 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Woocommerce Gifts Product, affecting versions up to 1.0.0. The initial and connected documents confirm the vulnerability type and affected product/versions, but do not specify a patched version or r...

6.5CVSS5.9AI score0.00137EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:45 p.m.6 views

WordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin Woocommerce Gifts Product versions = 1.0.0...

6.5CVSS6.6AI score0.00137EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.4 views

WordPress plugin Woocommerce Gifts Product 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin...

6.5CVSS6.4AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.18 views

PT-2025-36216

Name of the Vulnerable Software and Affected Versions: Woocommerce Gifts Product versions through 1.0.0 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations:...

6.5CVSS6.2AI score0.00137EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/29 9:23 a.m.1 views

CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6.1AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/29 9:23 a.m.9 views

CVE-2025-6730 Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success

The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlooptincall function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00184EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.5 views

WordPress plugin Bonanza – WooCommerce Free Gifts Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.4AI score0.00184EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/14 12:0 a.m.7 views

The Man behind the Sound: Demystifying Audio Private Attribute Profiling Via Multimodal Large Language Model Agents

Our research uncovers a novel privacy risk associated with multimodal large language models MLLMs: the ability to infer sensitive personal attributes from audio data -- a technique we term audio private attribute profiling. This capability poses a significant threat, as audio can be covertly...

6.7AI score
Exploits0
OSV
OSV
added 2025/05/15 8:16 p.m.10 views

CVE-2025-0687

The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

6.1CVSS5.8AI score0.00146EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:16 p.m.10 views

CVE-2025-0688

The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

6.1CVSS5.8AI score0.00146EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.19 views

CVE-2025-0688 Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS

The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

0.00146EPSS
Exploits1References1
Rows per page
Query Builder