14 matches found
Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...
EUVD-2025-24200
Malicious code in bioql PyPI...
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Cybersecurity researchers have flagged a new phishing campaign that's using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages "carefully crafted emails to deliver malicious URLs linked to convincing phishing pages," Fortinet FortiGuard Labs...
WordPress WooCommerce Purchase Orders plugin Arbitrary File Deletion Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress WooCommerce Purchase Orders plugin suffers from an arbitrary file deletion vulnerability that stems from the program failing to properly filter for special element...
CVE-2025-5391
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391
CVE-2025-5391 affects the WooCommerce Purchase Orders plugin for WordPress (versions ≤ 1.0.2). The vulnerability arises from insufficient file path validation in the delete_file() function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the se...
CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
PT-2025-32616 · WordPress · Woocommerce Purchase Orders
Name of the Vulnerable Software and Affected Versions: WooCommerce Purchase Orders plugin for WordPress versions up to and including 1.0.2 Description: The WooCommerce Purchase Orders plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the...
WordPress plugin WooCommerce Purchase Orders Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress WooCommerce Purchase Orders plugin suffers from an arbitrary file deletion vulnerability that stems from the program failing to properly filter for special element...
WordPress WooCommerce Purchase Orders plugin <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by CVEhunter in WordPress Plugin WooCommerce Purchase Orders versions <= 1.0.2...
Shopify: Disclose Any Store products, Files, Purchase Orders Via Email through Shopify Stocky APP
Hello Shopify Security Team! Bug Summary: This bug leads to disclosure of any store's products, files, and purchase orders through the Shopify Stocky app. It is a bug in the Shopify app but it affects stores also. Reproduction steps: Go to apps.shopify.com and install the Stocky app. Now you will be redirected to thi...
Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to (CVE-2016-0222)
Summary IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to. Vulnerability Details CVEID: CVE-2016-0222 DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to view work logs during purcha...