CVE-2025-27360

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

CVE-2025-27360 WordPress Quick Event Calendar plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

CVE-2025-27360

CVE-2025-27360 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Quick Event Calendar . The issue affects the plugin version range “from n/a through 1.4.9,” indicating presence in older builds up to 1.4.9. The description identifies CSRF as the core issue, but th...

CVE-2025-27360 WordPress Quick Event Calendar plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

WordPress plugin Quick Event Calendar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress plugin Custom Bulk/Quick Edit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2025-24121 · WordPress · Wp Corner Quick Event Calendar

Name of the Vulnerable Software and Affected Versions: WP Corner Quick Event Calendar versions 1.4.9 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For WP Corner...

CVE-2025-48245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through = 8.2.1...

CVE-2025-48245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Reflected XSS.This issue affects Quick Contact Form: from n/a through = 8.2.1...

CVE-2025-48245

The CVE-2025-48245 entry concerns WordPress plugin Quick Contact Form, affected up to version 8.2.1. The underlying issue is improper neutralization of input during web page generation, i.e., a reflected XSS vulnerability. Reported score CVSSv3.1 base 7.1 (HIGH) with network attack vector, low pr...

CVE-2025-48245 WordPress Quick Contact Form plugin <= 8.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1...

CVE-2025-24705

Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through = 1.1.1...

CVE-2024-11805

The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submitqlmproducts' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-7822

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2023-30281

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from pscustomer table sush as name / surnam...

CVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

CVE-2023-0553

The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-25702

Auth. admin+ Stored Cross-site Scripting XSS vulnerability in Fullworks Quick Paypal Payments plugin = 5.7.25 versions...

CVE-2023-25063

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin = 5.2.3 versions...

CVE-2023-47355

The com.eypcnnapps.quickreboot aka Eyuep Can Yilmaz ROOT Quick Reboot application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery e.g., com.eypcnnapps.quickreboot.widget.PowerOff that are susceptible to unauthorized broadcasts because of missing input validati...