CVE-2025-32579

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through = 1.0...

CVE-2025-32524

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS.This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a throug...

CVE-2025-31599

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through = 8.6...

CVE-2025-32579 WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through = 1.0...

CVE-2025-32579 WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through 1.0...

CVE-2025-32524

CVE-2025-32524 is a Reflected Cross-Site Scripting vulnerability in the MyWorks WooCommerce Sync for QuickBooks Online plugin. Affected software: MyWorks WooCommerce Sync for QuickBooks Online. Vulnerable component: the plugin's input handling during web page generation leading to reflected XSS. ...

CVE-2025-32524 WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online allows Reflected XSS. This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a through 2.9.1...

CVE-2025-32524 WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MyWorks MyWorks WooCommerce Sync for QuickBooks Online myworks-woo-sync-for-quickbooks-online allows Reflected XSS.This issue affects MyWorks WooCommerce Sync for QuickBooks Online: from n/a throug...

CVE-2025-31599 WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6...

CVE-2025-31599

CVE-2025-31599 represents an unauthenticated SQL Injection in Bulk Product Sync (WooCommerce) with impact per the CVSS context. According to Wordfence, Bulk Product Sync – Bulk Product Editor for WooCommerce with Google Sheets (

CVE-2025-31599 WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync: from n/a through = 8.6...

WordPress plugin Bulk Product Sync SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin MyWorks WooCommerce Sync for QuickBooks Online 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-16049 · Unknown · N-Media Bulk Product Sync

Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

PT-2025-16057 · Yworks · Myworks Woocommerce Sync For Quickbooks Online

Name of the Vulnerable Software and Affected Versions: MyWorks MyWorks WooCommerce Sync for QuickBooks Online versions 2.9.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting XSS. This...

WordPress plugin Sync Posts 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress Bulk Product Sync plugin <= 8.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by theviper17 in WordPress Plugin Bulk Product Sync versions = 8.6...

Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3174 Malicious code in typesense-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 490e72092d3e2b725ff92c6b8bb87fb850509bdd1abbead8e8cb9427a4d92bcd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...