WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

CVE-2026-1673

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 1.1.5. The root cause is missing nonce validation in the woobe_delete_tax_term() function, enabling unauthenticated actors to...

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.14 and earlier, as well as 6.7.0, contained security vulnerabilities. These vulnerabilities...

GHSA-WH3H-GVC4-CC2G Statamic is missing authorization check on taxonomy term creation via fieldtype

Impact Low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. Patches This has been...

EUVD-2017-15872

Malware in sbrugna...

EUVD-2024-16579

Malicious code in bioql PyPI...

CVE-2010-3094

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via 1 an action description, 2 an action message, 3 a node, or 4 a taxonomy term, related to the actions feature and the...

WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Mika in WordPress Plugin Taxonomy/Term and Role based Discounts for WooCommerce versions = 5.1...

WordPress plugin Taxonomy/Term and Role based Discounts for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

PT-2025-5453 · Woocommerce · Taxonomy/Term/Role Based Discounts For Woocommerce

Name of the Vulnerable Software and Affected Versions: Taxonomy/Term and Role based Discounts for WooCommerce versions n/a through 5.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...

WordPress plugin WOLF security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via 1 an action description, 2 an action message, 3 a node, or 4 a taxonomy term, related to the actions feature and the...

GHSA-PJMX-4GC6-HWV8 Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via 1 an action description, 2 an action message, 3 a node, or 4 a taxonomy term, related to the actions feature and the...

Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022

This module provides a standardized solution for building API's so that external clients can communicate with Drupal. The module's taxonomy term index resource doesn't take into consideration certain access control tags provided but unused by core, that certain contrib modules depend on. This...

WordPress 4.1.x < 4.1.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...

WordPress 4.4.x < 4.4.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...

WordPress 4.7.x < 4.7.3 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...

WordPress 4.6.x < 4.6.4 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...

WordPress 3.7.x < 3.7.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...

Taxonomy Term Reference Tree Widget - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-006

This module provides an expandable tree widget for the Taxonomy Term Reference field in Drupal 7. The module doesn't sufficiently sanitize the output of its own defined field formatter. This vulnerability is mitigated by the fact that an attacker must have a role with the permission that allows t...