25 matches found
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-4843
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2026-31333
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2026-4843
The CVE-2026-4843 entry concerns the WordPress plugin “GSheet For Woo Importer.” All versions up to 2.3.1 are affected by a missing capability check in process_ajax_restore_action(), enabling authenticated users with Subscriber-level access or higher to delete the plugin’s Google Sheets API token...
PT-2026-42533
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process ajax restore action function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2026-25721
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
EUVD-2026-8979
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
PT-2026-22278
Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by injecting malicious input into the username and/or password fields within the restore...
PT-2025-9811
Name of the Vulnerable Software and Affected Versions VEDA - MultiPurpose WordPress Theme versions up to, and including, 4.2 Description The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the veda backup and...
CVE-2025-1106
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletediraction/restoreaction in the library lib/admin/databaseadmin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CmsEasy 路径遍历漏洞
CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A path traversal vulnerability exists in CmsEasy version 7.7.7.9, which stems from the library lib/admin/databaseadmin.php where the function deletediraction/restoreaction can lead to a path...
PT-2024-9301 · WordPress · Wp Umbrella
Name of the Vulnerable Software and Affected Versions: WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress versions up to, and including, 2.17.0 Description: The issue is related to Local File Inclusion, which makes it possible for unauthenticated attackers to include and execute...
Warning:Table chb_State.Workers object definition does not match the expected reference schema
The Site test Report shows a warning "Table chbState.Workers object definition does not match the expected reference schema" CDF traces captured from the DDC while running the Ste test show the below messages:...
Design/Logic Flaw
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...
CVE-2014-7288
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...