Lucene search

9 matches found

Cvelist
added 2026/03/23 5:29 a.m., 27 views

CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

CVSS 5.3, EPSS 0.00125
Exploits: 0, References: 4

CVE
added 2026/03/23 5:29 a.m., 4 views

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is affected up to version 2.2.12. The vulnerability is a SENSITIVE INFORMATION EXPOSURE via the allReminderSettings function, allowing unauthenticated attackers to ob...

CVSS 5.3, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 4

OSV
added 2026/01/07 12:31 p.m., 1 view

GHSA-RWP9-5G7Q-73Q3 OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

CVSS 9.3, AI score 5.4, EPSS 0.00163
Exploits: 0, References: 6

Vulnrichment
added 2026/01/07 4:29 a.m., 2 views

CVE-2026-0650 OpenFlagr <= 1.1.18 Authentication Bypass via Prefix Whitelist Path Normalization

OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials...

CVSS 9.3, AI score 6.6, EPSS 0.00163
Exploits: 0, References: 3

NVD
added 2025/12/02 5:16 a.m., 4 views

CVE-2025-13606

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

CVSS 6.5, EPSS 0.00014
Exploits: 0, References: 2

RedhatCVE
added 2025/07/30 11:40 p.m., 7 views

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

CVSS 5.3, AI score 7, EPSS 0.00434
Exploits: 2, References: 1

RedhatCVE
added 2025/02/20 11:25 a.m., 5 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

CVSS 4.3, AI score 6, EPSS 0.00102
Exploits: 0, References: 1

CNNVD
added 2024/05/13 12:0 a.m., 1 view

Apple iOS and iPadOS security vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS. An attacker could exploit this vulnerability to expor...

CVSS 7.5, AI score 8.1, EPSS 0.02355
Exploits: 1, References: 5

CNNVD
added 2023/08/18 12:0 a.m., 2 views

Walchem Intuition access control error vulnerability

Walchem Intuition is a controller from Walchem. An Access Control Error vulnerability exists in versions prior to Walchem Intuition 9 v4.21 that stems from a lack of authentication and could allow an attacker to download and export sensitive data...

CVSS 7.5, AI score 7.3, EPSS 0.00098
Exploits: 0, References: 3