32 matches found
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
WordPress REST API TO MiniProgram plugin <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability discovered by WordFence in WordPress Plugin REST API TO MiniProgram versions <= 5.1.2...
EUVD-2026-14186
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...
PT-2026-26855
The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback update user wechatshop info permissions check only validating that the supplied 'openid' parameter corresponds to ...
EUVD-2025-7849
Malicious code in bioql PyPI...
EUVD-2024-49216
Malicious code in bioql PyPI...
CVE-2023-0551
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments...
CVE-2025-28886
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram (rest-api-to-miniprogram) allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...
CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram (rest-api-to-miniprogram) allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...
CVE-2025-28886
CVE-2025-28886: A CSRF vulnerability in the WordPress plugin REST API TO MiniProgram affects the REST API TO MiniProgram plugin (versions up to 4.7.1; WordPress records also reference up to 5.1.2). The issue allows Cross-Site Request Forgery, enabling an attacker to cause the application to per...
CVE-2025-28886 WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram (rest-api-to-miniprogram) allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2...
WordPress plugin REST API TO MiniProgram cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
MAL-2025-1518 Malicious code in miniprogram-project (npm)
Source: ghsa-malware 162ae3d0d0a1a6baf3618206ae9d0a31f403340e2a4bbf9aa7d4e9980eb1d817. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in miniprogram-project (npm)
Source: ghsa-malware 162ae3d0d0a1a6baf3618206ae9d0a31f403340e2a4bbf9aa7d4e9980eb1d817. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-8484
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin REST API TO MiniProgram security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Exploit for SQL Injection in Jianbo Rest_Api_To_Miniprogram
CVE-2024-8484 REST API TO MiniProgram <= 4.7.1 - Unauthenti...
WordPress REST API TO MiniProgram plugin <= 4.7.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin REST API TO MiniProgram versions <= 4.7.1...