197 matches found
CVE-2025-58991
Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
CVE-2025-58991
Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
CVE-2025-58991
The CVE-2025-58991 entry documents a CSRF vulnerability in the WooCommerce Booking Bundle Hours WordPress plugin that can lead to Stored XSS. Affected software: WooCommerce Booking Bundle Hours (versions up to 0.7.4). Root cause: cross-site request forgery enabling stored XSS payloads. Impact is ...
CVE-2025-58991 WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
CVE-2025-58991 WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4...
WordPress plugin WooCommerce Booking Bundle Hours 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...
PT-2025-36811
Name of the Vulnerable Software and Affected Versions: WooCommerce Booking Bundle Hours versions through 0.7.4 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Cristiano Zanca WooCommerce Booking Bundle Hours, which can lead to Stored Cross-Site Scripting XSS. Recommendation...
CVE-2025-4643
Payload uses JSON Web Tokens JWT for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date which is by default set to 2 hours, but can be changed. This issue has been fixed in version 3.44.0 of...
CVE-2025-4643
The CVE-2025-4643 issue affects Payload (Node/JS-based CMS). It stems from insufficient session expiration: after logout, JSON Web Tokens (JWTs) are not invalidated, enabling an attacker with a stolen/intercepted token to reuse it until expiration (default 2 hours, configurable). Affected behavio...
Linux Distros Unpatched Vulnerability : CVE-2023-41335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be...
CVE-2025-57768
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2025-57768
Phproject (versions 1.8.0–1.8.2; fixed in 1.8.3) contains a Stored XSS in the Planned Hours field during project creation. A POST to /issues/new/ echoes the planned_hours value in the HTML without encoding/sanitization, allowing a attacker-supplied payload (e.g., ) to execute in the browser. The ...
PT-2025-34267 · Phproject · Phproject
Name of the Vulnerable Software and Affected Versions: Phproject versions 1.8.0 through 1.8.2 Description: Phproject is a high performance full-featured project management system. A Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. A...
Phproject 跨站脚本漏洞
Phproject is a project management system for Alan's personal developers. The system supports issue management, task management and dashboard features. A cross-site scripting vulnerability exists in versions of Phproject prior to 1.8.0 through 1.8.3, which stems from the presence of stored...
6 Steps to 24/7 In-House SOC Success
Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That's when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over...
CVE-2024-6175
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...