365581 matches found
MAL-2025-9301 Malicious code in @sellerly-kit/dropdown-bottom-sheet (npm)
The package @sellerly-kit/dropdown-bottom-sheet was found to contain malicious code...
Malicious code in @sellerly-kit/dropdown-bottom-sheet (npm)
The package @sellerly-kit/dropdown-bottom-sheet was found to contain malicious code...
Malicious code in @sellerly-kit/bottom-sheet (npm)
The package @sellerly-kit/bottom-sheet was found to contain malicious code...
MAL-2025-7056 Malicious code in @amber-team/export-events-to-sheet (npm)
The package @amber-team/export-events-to-sheet was found to contain malicious code...
MAL-2025-9295 Malicious code in @sellerly-kit/bottom-sheet (npm)
The package @sellerly-kit/bottom-sheet was found to contain malicious code...
CVE-2025-54030
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20...
WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce Google Sheet Connector versions <= 1.3.20...
CVE-2025-54030 WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20...
CVE-2025-54030
CVE-2025-54030 describes a CSRF vulnerability in the WordPress plugin “GSheetConnector” (WooCommerce Google Sheet Connector). The issue affects versions n/a through 1.3.20 and could allow an authenticated attacker to perform actions on behalf of a logged-in user. Connected sources confirm the ven...
CVE-2025-54030 WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20...
CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
InvenTree security vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...
WordPress plugin OpenSheetMusicDisplay cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-1562
The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...
CVE-2024-6532
The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWTSheetTable shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2024-13670
The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
CVE-2023-2329
The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...