19 matches found
EUVD-2022-33957
Malicious code in bioql PyPI...
CVE-2025-5813 Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create n...
CVE-2025-5813
CVE-2025-5813 affects the WordPress plugin “Amazon Products to WooCommerce” for versions up to 1.2.7. Root cause: missing capability check in wcta2w_get_amazon_product_callback(), enabling unauthenticated attackers to create new products and modify data. Impact: unauthorized data modification and...
CVE-2024-46307
A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products...
CVE-2024-53829
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2024-53829
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2024-53829 Cross-Site Request Forgery in CodeChecker API
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not...
CVE-2024-4450
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...
Booster for WooCommerce < 7.1.3 - Missing Authorization to Product Creation/Modification
The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcjproductaddnew function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2021-4391 Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwbwgmsavepost function. This makes it possible for unauthenticated attackers to modify...
CVE-2022-4936
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...
CVE-2022-4935
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
Magento Cross-site Scripting in the admin panel
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information...
CVE-2019-7162
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation...
Information disclosure
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation...
CVE-2019-7162
Zoho ManageEngine ADSelfService Plus 5.6 Build 5607 is affected by an information-disclosure vulnerability. An exposed service allows an unauthenticated actor to retrieve internal system information and modify the product installation. The issue is confirmed in multiple sources referencing this e...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...
CVE-2013-5977
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...