CVE-2026-25317

CVE-2026-25317 is a Missing Authorization vulnerability in the WordPress plugin Print Invoice & Delivery Notes for WooCommerce (woocommerce-delivery-notes). Affected versions: from n/a up to and including 5.9.0. CVSSv3.1 base score 7.5 (HIGH) with network access, low attack complexity, no privile...

WordPress plugin Print Invoice & Delivery Notes for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-12071

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-12071 Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-12527

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

EUVD-2018-3135

Malware in sbrugna...

EUVD-2024-50282

Malicious code in bioql PyPI...

WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin User Notes versions = 1.0.2...

CVE-2025-60136

CVE-2025-60136 is a Stored XSS vulnerability in WordPress plugin User Notes (versions up to 1.0.2). It arises from improper input neutralization during web page generation. The CVSS 3.1 score is 5.9 (Medium) with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; exploit requires high privileges and use...

CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

WordPress plugin User Notes 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2024-9223

The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpajaxpostitlistcomment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

CVE-2023-6633

The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...

CVE-2024-13640

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...

CVE-2024-9223

The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpajaxpostitlistcomment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

WordPress plugin WP Dashboard Notes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-29873 · Arconix +1 · Arconix Faq +2

Name of the Vulnerable Software and Affected Versions: Print Invoice & Delivery Notes for WooCommerce versions 4.8.1 and earlier Arconix Shortcodes versions 2.1.10 and earlier Arconix FAQ versions 1.9.3 and earlier Description: The issue is related to a Missing Authorization vulnerability. This...

WordPress Simple Post Notes Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Simple Post Notes Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31935 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f527469e79aa Credits Brandon Roldan...

CVE-2023-6633

The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...

Site Notes <= 2.0.0 - Admin Note Deletion via CSRF

Description The plugin does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks PoC Have an administrator open the following HTML file:...