19502 matches found
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
Sharp Multifunction Printers - Directory Listing
It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...
WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
WCAPF WooCommerce Ajax Product Filter - SQL Injection
WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...
MyStyle Custom Product Designer <= 3.21.1 - SQL Injection
The MyStyle Custom Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.21.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
YIKES Inc. Custom Product Tabs for WooCommerce plugin \u003C= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...
WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in ...
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...
CVE-2026-57805
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...
CVE-2026-57422
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...
CVE-2026-57409
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...
CVE-2026-57377
Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...
CVE-2026-57422 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...
CVE-2026-57422
CVE-2026-57422 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder (bopo-woo-product-bundle-builder). The issue arises from improper input neutralization during web page generation, allowing an attacker to inject script v...
CVE-2026-57390 WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.167 - Broken Access Control vulnerability
Missing Authorization vulnerability in EDGARROJAS Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extra Product Options Builder for WooCommerce: from n/a through =...
CVE-2026-57390
The CVE concerns the WordPress plugin “Extra Product Options Builder for WooCommerce” (also listed as additional-product-fields-for-woocommerce). A Missing Authorization/Broken Access Control vulnerability affects the plugin in versions up to and including 1.2.167, enabling exploitation due to in...
CVE-2026-57377 WordPress WowAddons plugin <= 1.6.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPXPO WowAddons product-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowAddons: from n/a through = 1.6.8...
CVE-2026-57377
CVE-2026-57377 describes a missing authorization vulnerability in the WordPress WowAddons plugin (product-addons) affecting versions up to 1.6.8. The underlying issue is broken access control, i.e., incorrectly configured access control security levels, which can allow unauthorized actions. The v...