2964 matches found

CVE
added 2026/01/22 4:52 p.m., 7 views

CVE-2026-24387

CVE-2026-24387 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WP Quick Post Duplicator. The issue arises from incorrectly configured access control security levels, potentially allowing unauthorized actions on WP Quick Post Duplicator versions up to and i...

CVSS 4.3, AI score 5.4, EPSS 0.00014
Exploits: 0, References: 1

NVD
added 2026/01/22 12:15 p.m., 7 views

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 6.1, EPSS 0.00019
Exploits: 0, References: 2

OSV
added 2026/01/22 12:15 p.m., 2 views

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 7.2, AI score 6, EPSS 0.00207
Exploits: 0, References: 2

NVD
added 2026/01/22 12:15 p.m., 3 views

CVE-2025-67684

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 9.4, EPSS 0.00207
Exploits: 0, References: 2

OSV
added 2026/01/22 12:15 p.m., 1 view

CVE-2025-67683

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 6.1, AI score 6, EPSS 0.00019
Exploits: 0, References: 2

Vulnrichment
added 2026/01/22 11:57 a.m., 3 views

CVE-2025-67684 Remote Code Execution via Local File Inclusion in Quick.Cart

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

CVSS 9.4, AI score 6.2, EPSS 0.00207
Exploits: 0, References: 2

EUVD
added 2026/01/22 11:57 a.m., 4 views

EUVD-2026-4160

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 5.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 3

Cvelist
added 2026/01/22 11:57 a.m., 19 views

CVE-2025-67683 Reflected XSS in Quick.Cart

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 5.1, EPSS 0.00019
Exploits: 0, References: 2

Vulnrichment
added 2026/01/22 11:57 a.m., 4 views

CVE-2025-67683 Reflected XSS in Quick.Cart

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 5.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

CNNVD
added 2026/01/22 12:00 a.m., 3 views

WordPress plugin WP Quick Post Duplicator has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 1

CNNVD
added 2026/01/22 12:00 a.m., 5 views

OpenSolution Quick.Cart cross-site scripting vulnerabilities

OpenSolution Quick.Cart is an online shopping system developed by the Polish company OpenSolution. OpenSolution Quick.Cart has a cross-site scripting vulnerability; this vulnerability stems from the sSort parameter, which is vulnerable to reflective cross-site scripting attacks, potentially...

CVSS 6.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

Positive Technologies
added 2026/01/22 12:00 a.m., 3 views

PT-2026-4270

Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Quick Post Duplicator: from n/a through <= 2.1...

AI score 5.4, EPSS 0.00014
Exploits: 0, References: 2

Positive Technologies
added 2026/01/22 12:00 a.m., 4 views

PT-2026-3928

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 5.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 3

CNNVD
added 2026/01/22 12:00 a.m., 4 views

OpenSolution Quick.Cart path traversal vulnerability

OpenSolution Quick.Cart is an online store system developed by the Polish company OpenSolution. OpenSolution Quick.Cart has a path traversal vulnerability, which stems from issues with the theme selection mechanism involving local file inclusion and path traversal attacks. These vulnerabilities...

CVSS 9.4, AI score 6.1, EPSS 0.00207
Exploits: 0, References: 2

RedhatCVE
added 2026/01/21 1:15 p.m., 5 views

CVE-2026-22976

A flaw was found in the Linux kernel's sch_qfq Quick Fair Queueing scheduler. This vulnerability allows a local user to trigger a NULL pointer dereference in the qfq_reset function. The issue arises when multiple qfq_class objects incorrectly reference the same leaf_qdisc, leading to an attempt to...

CVSS 5.5, AI score 5.3, EPSS 0.00023
Exploits: 0, References: 10

Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 9 : libreswan-4.12-1.el9 (AXSA:2023-6824:09)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6824:09 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan...

CVSS 6.5, AI score 5.6, EPSS 0.00107
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 8 : libreswan-4.12-2.el8 (AXSA:2023-7185:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-7185:10 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan...

CVSS 6.5, AI score 5.6, EPSS 0.00107
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2022-3808:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3808:01 advisory. QEMU: QXL: integer overflow in cursor_alloc can lead to heap buffer overflow CVE-2021-4206 QEMU: QXL: double fetch in qxl_cursor can lead to heap buff...

CVSS 8.2, AI score 7.4, EPSS 0.00239
Exploits: 2, References: 5

Cvelist
added 2026/01/19 11:32 a.m., 21 views

CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...

CVSS 5.8, EPSS 0.00074
Exploits: 1, References: 4

Patchstack
added 2026/01/19 8:00 a.m., 6 views

WordPress Quick Contact Form plugin <= 8.2.6 - Unauthenticated Open Mail Relay vulnerability

Unauthenticated Open Mail Relay vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Quick Contact Form versions <= 8.2.6...

CVSS 5.8, AI score 5.4, EPSS 0.00221
Exploits: 0, References: 1, Affected Software: 1