5 matches found
CVE-2025-13801
CVE-2025-13801 : The WordPress Yoco Payments plugin is vulnerable to path traversal in the file parameter in versions up to 3.8.8 (per Initial Description). Wordfence’s WordPress Vulnerability Report confirms the issue as present in Yoco Payments <= 3.9.0, enabling unauthenticated attackers to...
CVE-2025-68603
CVE-2025-68603 : Missing Authorization vulnerability in WordPress plugin Editorial Calendar (editorial-calendar) allowing access control misconfiguration. Affected: Editorial Calendar versions ≤ 3.8.8. The provided documents reference a “Missing Authorization” issue for Editorial Calendar in the ...
CVE-2025-66086 WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through = 3.8.8...
PT-2021-3113 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.17 Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: The issue exists due to insufficient input validation in the virtual learning environment. This allows a remot...
UBUNTU-CVE-2021-20279
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...