Lucene search
K

15 matches found

NVD
NVD
added 2026/04/08 12:16 p.m.6 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

6.5CVSS0.00176EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 11:16 a.m.24 views

CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

6.5CVSS0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31290

Name of the Vulnerable Software and Affected Versions The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net versions up to and including 1.1.5 Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPre...

6.5CVSS5.6AI score0.00176EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006137)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006137 advisory. Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen...

5.5CVSS5.8AI score0.00261EPSS
Exploits0References4
OSV
OSV
added 2026/01/06 3:19 p.m.10 views

CLSA-2026-1767712744 vim: Fix of 2 CVEs

CVE-2025-22134: correctly reset the visual mode before opening other windows and buffers - CVE-2025-24014: skip the redraw attempt that accesses an unallocated variable...

5.5CVSS6.1AI score0.00367EPSS
Exploits0References1
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.7 views

In consistent parameters settings can break the business logic

Lines of code Vulnerability details Impact The usual business logic of the raffle should be that: If a user wins a raffle, he can always claim the NFT before a redraw can be initialized. However, the settings parameters can be set to inconsistent so that a winner may not be able to claim the NFT...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.7 views

Draw organizer can rig the draw to favor certain participants such as their own account.

Lines of code Vulnerability details Description In RandomDraw, the host initiates a draw using startDraw or redraw if the redraw draw expiry has passed. Actual use of Chainlink oracle is done in requestRoll: request.currentChainlinkRequestId = coordinator.requestRandomWords keyHash:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.6 views

Bad actor can burn VRFCoordinatorV2 LINK's balance

Lines of code Vulnerability details Impact All VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and LINK fees are deducted from this smart contract. There are a couple of issues that may be exploited by malicious actor to overinflate calls to VRF and in lead to griefing, e.g. B...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

In case the winner is the address(0)

Lines of code Vulnerability details Impact Temporary freezing NFT this can be more than one period Proof of Concept On VRFNFTRandomDraw.fulfillRandomWords 254 request.currentChosenTokenId = 255 randomWords0 % tokenRange + 256 settings.drawingTokenStartId; In case ownerOfrequest.currentChosenToken...

6.8AI score
Exploits0
Huntr
Huntr
added 2022/09/25 11:48 a.m.24 views

Stack-based Buffer Overflow in function win_redr_ruler

Description Stack Buffer Overflow in function winredrruler at drawscreen.c:799 . vim version git log commit ec1238b4068d0d6d9d02ac1a8e61720224a1be73 grafted, HEAD - master, tag: v9.0.0582, origin/master, origin/HEAD Proof of Concept poc download url:...

4.4CVSS7.7AI score0.00501EPSS
Exploits1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.13 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...

6.1CVSS5.3AI score0.01651EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2018/03/14 7:29 p.m.2 views

CVE-2018-8710

A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...

9.8CVSS6.4AI score0.04325EPSS
Exploits0References6
Prion
Prion
added 2018/03/14 7:29 p.m.17 views

Remote code execution

A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...

7.5CVSS9.7AI score0.04325EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/11/30 12:0 a.m.2 views

BigTree CMS 'redraw-field.php' Cross-Site Scripting Vulnerability

BigTree CMS is an open source content management system. A cross-site scripting vulnerability exists in BigTree CMS 'redraw-field.php'. An attacker could exploit the vulnerability to execute arbitrary script code in a user's browser while browsing the affected site to steal cookie-based...

6.7AI score
Exploits0References1
ALT Linux
ALT Linux
added 2005/12/07 12:0 a.m.103 views

Security fix for the ALT Linux 5 package xpdf version 3.01-alt2pl1

Dec. 7, 2005 Victor Forsyuk 3.01-alt2pl1 - Security fix CAN-2005-3193. - Updated japanese and korean support packages. - Fix allocation size for 64bit architecture. - Fix to don't use freetype internals. - Apply upstream patch to fix resize/redraw...

5.1CVSS6.3AI score0.04082EPSS
Exploits0
Rows per page
Query Builder