764 matches found
CVE-2025-63738
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...
PT-2025-50097
Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description An issue exists in the index.php file of Xinhu Rainrock RockOA version 2.7.0 that allows attackers to obtain sensitive information. This is achieved by exploiting the phpinfo function through the...
CVE-2025-12039
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
WordPress BigBuy Dropshipping Connector for WooCommerce plugin <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure vulnerability
Unauthenticated IP Spoofing to phpinfo Exposure vulnerability discovered by Jarno Vos jarnovos in WordPress Plugin BigBuy Dropshipping Connector for WooCommerce versions = 2.0.5...
CVE-2025-12039
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
EUVD-2025-198393
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
CVE-2025-12039
The CVE-2025-12039 entry concerns the WordPress plugin “BigBuy Dropshipping Connector for WooCommerce.” The connected sources describe an IP address forgery/spoofing vulnerability caused by insufficient IP validation and reliance on user-supplied HTTP headers to determine the client IP, exposing ...
CVE-2025-12039 BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
CVE-2025-12039 BigBuy Dropshipping Connector for WooCommerce <= 2.0.5 - Unauthenticated IP Spoofing to phpinfo() Exposure
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
PT-2025-47708
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.0.5 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
CVE-2025-9196
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
EUVD-2025-33817
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
CVE-2025-9196
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
CVE-2025-9196 Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
CVE-2025-9196
Summary of CVE-2025-9196 (Trinity Audio WordPress plugin) : The Trinity Audio Text to Speech AI plugin (WordPress) versions up to 5.21.0 allows unauthenticated information exposure via the file path ~/admin/inc/phpinfo.php created on install. The vulnerability enables retrieval of sensitive data,...
CVE-2025-9196 Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...
PT-2025-41645
Name of the Vulnerable Software and Affected Versions Trinity Audio – Text to Speech AI plugin for WordPress versions prior to 5.21.1 Description The software is susceptible to exposure of sensitive information. An unauthenticated attacker can extract configuration data through the...
WordPress plugin Trinity Audio 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...
EUVD-2003-1393
Malware in sbrugna...
EUVD-2004-0242
Malware in sbrugna...