9 matches found
EUVD-2025-25363
Malicious code in bioql PyPI...
CVE-2025-49892
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...
CVE-2025-49892
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...
CVE-2025-49892 WordPress Uxper Booking Plugin <= 1.3.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...
CVE-2025-49892 WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in badasswp Pending Order Bot allows Stored XSS. This issue affects Pending Order Bot: from n/a through 1.0.2...
CVE-2025-49892
CVE-2025-49892 describes an LFI (Local File Inclusion) in the WordPress plugin Uxper Booking (uxper-booking) up to version 1.3.3. The vulnerability arises from improper control of filename handling in PHP include/require statements, allowing an attacker to include local files via crafted input. I...
WordPress plugin Pending Order Bot 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-33960 · WordPress · Badasswp Pending Order Bot
Name of the Vulnerable Software and Affected Versions: badasswp Pending Order Bot versions through 1.0.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-site Scripting condition. This allows for the injection of...
WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Pending Order Bot versions = 1.0.2...