46 matches found
MINI-PGRM-HH3X-7JGJ
Bulletin has no description...
MINI-PGM4-R82V-JM54
Bulletin has no description...
CVE-2026-3460
CVE-2026-3460 concerns the REST API TO MiniProgram plugin for WordPress. The vulnerability allows an authenticated user with Subscriber-level access or higher to modify arbitrary users’ store-related metadata (storeinfo, storeappid, storename) via an attacker-controlled userid parameter in the RE...
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2025-14259
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...
CVE-2025-14259 Jihai Jshop MiniProgram Mall System api.html sql injection
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...
EUVD-2021-27365
Malware in sbrugna...
EUVD-2025-7924
Malicious code in bioql PyPI...
EUVD-2024-43377
Malicious code in bioql PyPI...
EUVD-2024-34099
Malicious code in bioql PyPI...
dts-mall 安全漏洞
dts-mall is a WeChat small program mall by qiguliuxing individual developer. A security vulnerability exists in dts-mall version v0.0.1-SNAPSHOT, which stems from improper access control and could lead to authentication bypass...
CVE-2025-30604
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Blind SQL Injection.This issue affects JiangQie Official Website Mini Program: from n/a through = 1.8.2...
CVE-2025-30604
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Blind SQL Injection.This issue affects JiangQie Official Website Mini Program: from n/a through = 1.8.2...
WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by kuteminh11 - VNPT Cyber Immunity in WordPress Plugin JiangQie Official Website Mini Program versions = 1.8.2...
WordPress plugin JiangQie Official Website Mini Program SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin REST API TO MiniProgram versions = 5.1.2...
CVE-2024-11380
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11380 Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11380
CVE-2024-11380 : The Mini Program API plugin for WordPress (versions ≤ 1.4.5) is affected by a stored XSS in the qvideo shortcode due to insufficient input sanitization/output escaping of user attributes. This allows authenticated attackers with contributor-level access or higher to inject script...