18 matches found
EUVD-2024-22211
Malicious code in bioql PyPI...
EUVD-2025-10546
Malicious code in bioql PyPI...
CVE-2025-32378
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
PT-2025-15708 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3 Shopware versions prior to 6.5.8.17 Description: The issue concerns the default settings for double-opt-in in Shopware, which allows for mass unsolicited newsletter sign-ups without confirmation...
CVE-2024-24848
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
CVE-2024-7491
The CVE-2024-7491 entry concerns HUSKY – Products Filter Professional for WooCommerce for WordPress. It is an Insecure Direct Object Reference via the woof_messenger_remove_subscr AJAX action, caused by missing validation on the user-controlled key. Affected versions are up to and including 1.3.6...
CVE-2024-7491 HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woofmessengerremovesubscr AJAX action due to missing validation on the 'key' user controlled key. This makes it...
CVE-2024-24848
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
CVE-2024-24848
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
CVE-2024-24848 WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
CVE-2024-24848
PT Sign Ups – Beautiful volunteer sign ups and management made easy (WordPress plugin by MJS Software PT)
CVE-2024-24848 WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a...
WordPress plugin PT Sign Ups Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress PT Sign Ups Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software PT Sign Ups Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24848 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c0bd535867dc Credits Faizal Abroni Required privilege...
CVE-2022-44005
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...
CVE-2021-4191
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...
CVE-2021-41109 LiveQuery publishes user session tokens
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...