2 matches found
EUVD-2026-39948
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
Directorist < 7.5.4 - Admin+ LFI
The plugin is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. This PoC will work on Linux systems. 1. Navigate to the URL path: /wp-admin/edit.php?posttype=atbizdir&page=tools&step=2&file=/etc/passwd&delimiter=; 2.. You will be presented wit...