58 matches found
PT-2025-36128
Name of the Vulnerable Software and Affected Versions: Saad Iqbal License Manager for WooCommerce versions through 3.0.12 Description: The software contains an SQL injection flaw that allows for blind SQL injection. This issue is due to improper neutralization of special elements used in an SQL...
CVE-2025-48142
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through = 1.0.9...
CVE-2025-48142
The connected sources confirm CVE-2025-48142 affects the WordPress plugin Bookify (versions n/a through 1.0.9) and stems from an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Reported for Bookify, Root Cause: flawed privilege handling inside the plugin’s access c...
CVE-2025-54667
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions.This issue affects myCred: from n/a through = 2.9.4.3...
CVE-2025-54668
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.4.3...
CVE-2025-54668
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.4.3...
CVE-2025-54667
Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions.This issue affects myCred: from n/a through = 2.9.4.3...
CVE-2025-54668
CVE-2025-54668: Stored XSS in WordPress plugin myCred up to version 2.9.4.3 due to improper input neutralization during web page generation. Affected software: myCred (WordPress plugin). Impact is stated as Stored Cross-Site Scripting with low to moderate severity (CVSS v3.1 base score 6.5). Reme...
CVE-2025-54667
CVE-2025-54667 describes a TOCTOU race condition in WordPress plugin myCred up to version 2.9.4.3. The vulnerability (CVSSv3.1: 5.3, Network/Low/No user interaction) affects myCred and can enable a race condition exploit related to TOCTOU in the plugin. Remediation per connected sources is to upd...
VulnCheck KEV: CVE-2025-24000
Authentication Bypass Using an Alternate Path or Channel vulnerability in Saad Iqbal Post SMTP post-smtp allows Authentication Bypass.This issue affects Post SMTP: from n/a through = 3.2.0...
VulnCheck KEV: CVE-2024-43354
Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...
CVE-2023-25958
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Justin Saad Simple Tooltips plugin = 2.1.4 versions...
CVE-2023-25958
CVE-2023-25958 is an admin+ authenticated, stored cross-site scripting (XSS) vulnerability in the WordPress plugin Simple Tooltips
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS Date: 2023-03-30 CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident'...
KLiK SocialMediaWebsite reply-form cross-site scripting vulnerability
KLiK SocialMediaWebsite is a simple PHP based social media website by Muhammad Saad personal developer. A cross-site scripting vulnerability exists in KLiK SocialMediaWebsite version 1.0.1 at reply-form. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data...
KLiK SocialMediaWebsite SQL Injection Vulnerability
KLiK SocialMediaWebsite is a simple PHP based social media website by Muhammad Saad personal developer. KLiK SocialMediaWebsite v1.0.1 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in "profile.php". The vulnerability can be...
Ger Versluis 2000 SQL Injection
-------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITEfiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo017 + Email : 5s5atlivedotfr + Vulnerability : SQL...
Ger Versluis 2000 5.5 24 - SITE_fiche.php SQL Injection
Ger Versluis 2000 5.5 24 - SITEfiche.php SQL Injection -------------------------------------------------------------------------- Ger Versluis 2000 version 5.5 24 SITEfiche.php SQL Injection Vulnerability -------------------------------------------------------------------------- + Author : DeCo01...