15 matches found
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
EUVD-2025-209568
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
PT-2026-34666
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2025-50229
CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Product Editing vulnerability
Reflected XSS in Product Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore (versions < 8.5.6)...
CVE-2025-55744 UnoPim vulnerable to CSRF on Product edit feature and creation of other types
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability is fixed in 0.2.1...
CVE-2025-22352
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes (elex-bulk-edit-products-prices-attributes-for-woocommerce-basic) allows Blind SQL Injection. This issue affects ELEX...
CVE-2024-6134 WP eStore < 8.5.6 - Reflected XSS in Product Editing
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6134
CVE-2024-6134 affects wp-cart-for-digital-products (WordPress plugin) prior to version 8.5.6. The vulnerability is a Reflected XSS caused by insufficient sanitization/escaping of a parameter before it is echoed on the page, potentially affecting high-privilege users (admin). The issue is publicly...
WordPress YITH WooCommerce Bulk Product Editing plugin <=1.2.14 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Bulk Product Editing plugin (versions <=1.2.14). Solution: Update the WordPress YITH WooCommerce Bulk Product Editing plugin to the latest available version (at least 1.2.15)...