Lucene search
K

522 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57810 WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-57810

CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...

8.5CVSS6.1AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-12738

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago5 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Averon Averenkov in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.4...

8.5CVSS6.1AI score0.00211EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:26 p.m.34 views

CVE-2026-54848 WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:26 p.m.4 views

CVE-2026-54848

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:26 p.m.23 views

CVE-2026-54848

WordPress plugin APIExperts Square for WooCommerce, version

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52423

Name of the Vulnerable Software and Affected Versions APIExperts Square for WooCommerce versions prior to 4.7.4 Description An issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This flaw is network-exploitable and requires no...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2026/06/20 9:30 a.m.16 views

Hackers Claim to Leak Stolen Madison Square Garden Data

Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email, and more...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/06/18 2:21 p.m.6 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.8 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.5AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45211

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.6AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 6:16 a.m.14 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS0.00135EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:30 a.m.16 views

CVE-2026-7533

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References9
CVE
CVE
added 2026/05/28 5:30 a.m.20 views

CVE-2026-7533

The CVE concerns the Easy Digital Downloads WordPress plugin (versions up to and including 3.6.7). The root cause is missing nonce verification in handle_oauth_redirect(), which runs on admin_init and processes Square OAuth tokens from a user-supplied GET parameter without CSRF token validation. ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 5:30 a.m.38 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS0.00135EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/28 5:30 a.m.12 views

CVE-2026-7533 Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 5:30 a.m.12 views

EUVD-2026-32725

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the handleoauthredirect function, which is registered on the admininit hook and processes Square OAuth tokens from ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin Easy Digital Downloads 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
Rows per page
Query Builder