71 matches found
CVE-2025-13157
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
EUVD-2025-199804
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-13157
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
CVE-2025-13157
CVE-2025-13157 concerns the QODE Wishlist for WooCommerce plugin (WordPress). Some versions up to 1.2.7 are vulnerable to an Insecure Direct Object Reference due to missing validation in the wishlist_table_item_callback, allowing unauthenticated attackers to update the public view of arbitrary wi...
CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qodewishlistforwoocommercewishlisttableitemcallback' function due to missing validation on a user controlled key. This makes it possible fo...
WordPress QODE Wishlist for WooCommerce plugin <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability
Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability discovered by WordFence in WordPress Plugin QODE Wishlist for WooCommerce versions = 1.2.7...
PT-2025-48239
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode wishlist for woocommerce wishlist table item callback' function due to missing validation on a user controlled key. This makes it...
WordPress plugin QODE Wishlist for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2025-163765
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through = 1.4.3...
EUVD-2023-44920
Malicious code in bioql PyPI...
EUVD-2024-44884
Malicious code in bioql PyPI...
EUVD-2023-51778
Malicious code in bioql PyPI...
EUVD-2024-43542
Malicious code in bioql PyPI...
WordPress Qi Addons for Elementor plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via TypeOut Text Widget vulnerability discovered by zer0gh0st in WordPress Plugin Qi Addons For Elementor versions = 1.9.2...
WordPress Qi Addons For Elementor plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Qi Addons For Elementor versions = 1.9.1...
CVE-2024-38712
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Qode Qi Blocks qi-blocks.This issue affects Qi Blocks: from n/a through = 1.3...
CVE-2023-47840
Improper Control of Generation of Code 'Code Injection' vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2...
CVE-2023-47680
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Qode Interactive Qi Addons For Elementor plugin = 1.6.3 versions...
CVE-2023-40333
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Qode Interactive Bridge Core plugin = 3.0.9 versions...
CVE-2024-50457
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through = 1.6.3...