CVE-2025-32524 WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS.This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a throug...

CVE-2025-32524

CVE-2025-32524 is a Reflected Cross-Site Scripting vulnerability in the MyWorks WooCommerce Sync for QuickBooks Online plugin. Affected software: MyWorks WooCommerce Sync for QuickBooks Online. Vulnerable component: the plugin's input handling during web page generation leading to reflected XSS. ...

CVE-2025-31599 WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6...

CVE-2025-31599

CVE-2025-31599 represents an unauthenticated SQL Injection in Bulk Product Sync (WooCommerce) with impact per the CVSS context. According to Wordfence, Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets (

CVE-2025-31599 WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through = 8.6...

WordPress plugin MyWorks WooCommerce Sync for QuickBooks Online 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Sync Posts 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

PT-2025-16049 · Unknown · N-Media Bulk Product Sync

Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

WordPress plugin Bulk Product Sync SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2025-16057 · Yworks · Myworks Woocommerce Sync For Quickbooks Online

Name of the Vulnerable Software and Affected Versions: MyWorks MyWorks WooCommerce Sync for QuickBooks Online versions 2.9.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This...

WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by theviper17 in WordPress Plugin Bulk Product Sync versions = 8.6...

Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3174 Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

CVE-2025-31852

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059170 fixes several issues. The following security issues were fixed: CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table bsc1233023. CVE-2024-41062: Sync sock recv cb and release bsc1228578. CVE-2022-48791: Fix use-after-fr...

MAL-2025-3098 Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...