85 matches found

CVE
added 2026/04/16 5:29 a.m. | 11 views

CVE-2026-3551

The CVE-2026-3551 issue affects the WordPress plugin Custom New User Notification (versions up to 1.2.0). It is a Stored XSS due to insufficient input sanitization and output escaping in multiple admin settings fields (e.g., User Mail Subject, User From Name/Email, Admin Mail Subject, Admin From ...

CVSS: 4.4 | AI score: 5.9 | EPSS: 0.00361
Exploits: 0 | References: 17
NVD
added 2026/04/01 6:16 a.m. | 5 views

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

CVSS: 9.1 | EPSS: 0.00237
Exploits: 0 | References: 1
CVE
added 2026/04/01 6:0 a.m. | 16 views

CVE-2025-15484

The CVE-2025-15484 entry concerns the WordPress plugin Order Notification for WooCommerce. Multiple sources confirm that versions prior to 3.6.3 bypass WooCommerce permission checks, allowing unauthenticated requests to perform full read/write operations on store resources (e.g., products, coupon...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.00237
Exploits: 0 | References: 1
Cvelist
added 2026/04/01 6:0 a.m. | 32 views

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

EPSS: 0.00237
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/01 6:0 a.m. | 4 views

CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

AI score: 5.9 | EPSS: 0.00237
Exploits: 0 | References: 1
Cvelist
added 2025/10/27 1:33 a.m. | 6 views

CVE-2025-62915 WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0...

CVSS: 4.3 | EPSS: 0.00205
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4846

Malware in sbrugna...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.00954
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-11770

Malware in sbrugna...

CVSS: 7.2 | AI score: 7 | EPSS: 0.01316
Exploits: 2 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1886

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0146
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-2647

Malicious code in bioql PyPI...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.01133
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-5671

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00896
Exploits: 0 | References: 3
Vulnrichment
added 2025/06/27 11:52 a.m. | 4 views

CVE-2025-39478 WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n/a through 10.3...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00215
Exploits: 0 | References: 1
CVE
added 2025/06/27 11:52 a.m. | 17 views

CVE-2025-39478

CVE-2025-39478 affects WordPress Smart Notification Plugin (Smart Notification) versions ≤ 10.3. It is a Reflected Cross-Site Scripting (XSS) vulnerability. All connected sources (NVD, Red Hat, CNNVD, Patchstack, CVE records) indicate the issue exists and that a fix is not yet provided in the pub...

CVSS: 7.1 | AI score: 5.2 | EPSS: 0.00215
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:4 p.m. | 6 views

CVE-2022-34205

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00468
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:20 p.m. | 6 views

CVE-2020-2297

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS: 3.3 | AI score: 6.7 | EPSS: 0.00331
Exploits: 0
RedhatCVE
added 2025/05/22 6:50 a.m. | 8 views

CVE-2019-10459

Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00927
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:12 a.m. | 20 views

CVE-2019-1003044

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.01133
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/17 9:2 p.m. | 7 views

CVE-2024-6159

The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02491
Exploits: 1 | References: 1
CNNVD
added 2025/05/16 12:0 a.m. | 1 views

WordPress plugin Push notification for Mobile and Web app security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00214
Exploits: 0 | References: 3
CVE
added 2025/05/15 8:7 p.m. | 69 views

CVE-2024-6159

The CVE-2024-6159 issue affects the WordPress plugin Push Notification for Post and BuddyPress, vulnerable in all versions prior to 1.9.4 (≤1.93). The root cause is insufficient escaping/sanitization of user-supplied parameters in an AJAX action accessible to unauthenticated users, enabling SQL i...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02491
Exploits: 1 | References: 1 | Affected Software: 1