CVE-2025-58228

CVE-2025-58228 : A stored XSS in Quick View for WooCommerce (ShapedPlugin LLC) affects version up to 2.2.16 and requires attacker authentication (Contributor+). The issue can lead to stored cross-site scripting via the affected plugin’s web page generation. Patch status in connected records shows...

CVE-2025-58228 WordPress Quick View for WooCommerce Plugin <= 2.2.16 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Quick View for WooCommerce: from n/a through = 2.2.16...

WordPress plugin Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-38817

Name of the Vulnerable Software and Affected Versions WPBean WPB Quick View for WooCommerce versions through 2.1.8 Description The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks...

WordPress plugin WPB Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-38893

Name of the Vulnerable Software and Affected Versions Quick View for WooCommerce versions through 2.2.16 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instance allows for Stored XSS...

CVE-2025-39809

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length The QuickI2C ACPI DSD methods return ICRS and ISUB data with a trailing byte, making the actual length is one more byte than the structs defined. It caused...

MAL-2025-47101 Malicious code in quick-navigation-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in quick-navigation-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 293f1ac2032d67eaf1bdca4962d876dc2f82271c474d5fbf4f3a6d2d50b71d63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Branch Predictor Isolation in KVM-QEMU

Summary Researchers claim new KVM-QEMU primitives allow exploitation of Spectre V2 resulting in information leakage in various cloud scenarios. KVM-QEMU is a combination of KVM Kernel-based Virtual Machine, a Linux kernel module that enables hardware-assisted virtualization and Quick Emulator QEM...

When You’re Always Under #DDoS Attack

We recently mitigated a 1.55 terabit per second Tbps, DDoS attack for a steady customer of ours. This particular customer is a reputable domain name service DNS provider. I’ve personally used them for over a decade to register domains for all the projects I will never complete or, tbh, start. But...

CVE-2025-58861

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

CVE-2025-39721

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when...

CVE-2025-27003

Cross-Site Request Forgery CSRF vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through = 5.7.46...

CVE-2025-27003 WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through = 5.7.46...

CVE-2025-27003

CVE-2025-27003 : CSRF vulnerability in WordPress plugin Quick Paypal Payments (versions up to 5.7.46). Affected component: the Quick Paypal Payments plugin. Impact: Cross-Site Request Forgery with a base CVSS 3.1 v3 score of 4.3 (Medium). Remediation: patch status shows as Patched in the cited so...

CVE-2025-27003 WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through = 5.7.46...

CVE-2025-58861

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

CVE-2025-58861

CVE-2025-58861 affects the WordPress plugin Quick Event Calendar (versions n/a–1.4.9). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and impact t...

CVE-2025-58861 WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...