
29 matches found

RedhatCVE
added 2026/03/26 3:12 p.m. · 3 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

CVSS 5.3 · AI score 5.8 · EPSS 0.00047
Exploits: 0 · References: 1

Positive Technologies
added 2026/03/21 12:0 a.m. · 3 views

PT-2026-26858

Name of the Vulnerable Software and Affected Versions: e-shot form builder plugin for WordPress versions up to and including 1.0.2 Description: The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot form builder get account data function,...

CVSS 5.3 · AI score 5.8 · EPSS 0.00047
Exploits: 0 · References: 9

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-1850

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.003
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28085

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 9.1 · EPSS 0.00194
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/25 1:20 p.m. · 6 views

CVE-2025-47461

Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce subaccounts-for-woocommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through <= 1.6.6...

CVSS 8.8 · AI score 7.2 · EPSS 0.00194
Exploits: 0 · References: 1

NVD
added 2025/05/23 1:15 p.m. · 4 views

CVE-2025-47461

Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce subaccounts-for-woocommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through <= 1.6.6...

CVSS 8.8 · EPSS 0.00194
Exploits: 0 · References: 1

Cvelist
added 2025/05/23 12:43 p.m. · 16 views

CVE-2025-47461 WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce subaccounts-for-woocommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through <= 1.6.6...

CVSS 8.8 · EPSS 0.00194
Exploits: 0 · References: 1

CVE
added 2025/05/23 12:43 p.m. · 45 views

CVE-2025-47461

CVE-2025-47461 describes an Authentication Bypass in the WordPress plugin “Subaccounts for WooCommerce” (versions up to and including 1.6.6), allowing authentication abuse via an alternate path or channel. The vulnerability affects Subaccounts for WooCommerce and is classified with a high impact ...

CVSS 8.8 · AI score 7.2 · EPSS 0.00194
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 1 view

PT-2025-22746 · Woocommerce · Subaccounts For Woocommerce

Name of the Vulnerable Software and Affected Versions: Subaccounts for WooCommerce versions 1.6.6 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing Authentication Abuse. Recommendations: For Subaccounts for WooCommerce versions...

CVSS 8.8 · AI score 8.9 · EPSS 0.00194
Exploits: 0 · References: 3

CNNVD
added 2025/05/23 12:0 a.m. · 1 view

WordPress plugin Subaccounts for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8 · AI score 8.8 · EPSS 0.00194
Exploits: 0 · References: 2

OSV
added 2024/11/21 11:15 a.m. · 1 view

CVE-2024-11370

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 5.9 · EPSS 0.00967
Exploits: 0 · References: 2

NVD
added 2024/11/21 11:15 a.m. · 6 views

CVE-2024-11370

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · EPSS 0.00967
Exploits: 0 · References: 3

Cvelist
added 2024/11/21 2:6 a.m. · 14 views

CVE-2024-11370 Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · EPSS 0.00967
Exploits: 0 · References: 3

CVE
added 2024/11/21 2:6 a.m. · 45 views

CVE-2024-11370

CVE-2024-11370 concerns the WordPress plugin “Subaccounts for WooCommerce”. The connected sources confirm a reflected Cross-Site Scripting (XSS) weakness caused by improper escaping in URLs using add_query_arg, affecting all versions up to and including 1.6.0. This enables unauthenticated attacke...

CVSS 6.1 · AI score 6 · EPSS 0.00967
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/11/21 2:6 a.m. · 10 views

CVE-2024-11370 Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting

The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 6.4 · EPSS 0.00967
Exploits: 0 · References: 2

CNNVD
added 2024/11/21 12:0 a.m. · 3 views

WordPress plugin Subaccounts for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.1 · AI score 7.5 · EPSS 0.00967
Exploits: 0 · References: 1

Patchstack
added 2024/11/20 9:21 p.m. · 2 views

WordPress Subaccounts for WooCommerce plugin <= 1.6.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Subaccounts for WooCommerce versions <= 1.6.0...

CVSS 6.1 · AI score 6.3 · EPSS 0.00967
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-16942 · WordPress · Subaccounts For Woocommerce

Name of the Vulnerable Software and Affected Versions: Subaccounts for WooCommerce plugin for WordPress versions up to, and including, 1.6.0 Description: The issue arises from the use of add_query_arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 9.5 · EPSS 0.00967
Exploits: 0 · References: 5

Patchstack
added 2024/11/20 12:0 a.m. · 18 views

WordPress Subaccounts for WooCommerce Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software: Subaccounts for WooCommerce · Type: Plugin · Vulnerable versions: <= 1.6.0 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-11370 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: e68bad5342df · Credits: vgo0...

CVSS 6.1 · AI score 6 · EPSS 0.00967
Exploits: 0 · References: 3 · Affected Software: 1

Code423n4
added 2023/10/20 12:0 a.m. · 15 views

Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module

Lines of code · Vulnerability details · Impact: An Executor is an account authorized to perform module execution on a subAccount through the ExecutorPlugin. Gnosis Safe Modules manage to bypass the entire guard logic. Safe 1.5 has that new guard hook, but there's also no hook logic done in Brahma. For...

AI score 7.5
Exploits: 0