15 matches found
CVE-2026-28093
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Ozisti: from n/a through = 1.1.10...
WordPress HelloAsso plugin <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update vulnerability
Missing Authorization to Authenticated Contributor+ Limited Options Update vulnerability discovered by Peter Thaleikis in WordPress Plugin HelloAsso versions = 1.1.10...
CVE-2026-0824
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2026-0824 questdb ui Web Console cross site scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by powpy in WordPress Plugin Order Cancellation & Returns for WooCommerce versions = 1.1.11...
CVE-2025-13440
CVE-2025-13440 affects Premmerce Wishlist for WooCommerce (WordPress). The flaw is Missing Authorization via deleteWishlist(), allowing authenticated users with Subscriber+ access to delete arbitrary wishlists in versions up to 1.1.10. Root cause: missing capability check in the deleteWishlist() ...
CVE-2025-13440 Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion
The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist function. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-60191
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...
CVE-2025-64285
CVE-2025-64285 affects the WordPress plugin Premmerce Wholesale Pricing for WooCommerce (versions through 1.1.10). Root cause: missing authorization due to incorrectly configured access control security levels, enabling potential unauthorized access. Impact: broken access control could allow priv...
CVE-2025-64285 WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through = 1.1.10...
EUVD-2025-35553
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Hydra Booking versions = 1.1.10...
WordPress Replace Image plugin <= 1.1.10 - Authenticated Insecure Direct Object Reference vulnerability
Authenticated Insecure Direct Object Reference vulnerability discovered by Jin Hao Chan in WordPress Plugin Replace Image versions = 1.1.10...
CVE-2022-36365
Multiple Authenticated contributor+ Stored Cross-Site Scripting XSS vulnerabilities in WHA Crossword plugin = 1.1.10 at WordPress...
VLC Media Player '.RM' File BOF Vulnerability (Windows)
The host is installed with VLC Media Player and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerrmbofvulnwin.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player '.RM' File BOF Vulnerability Windows Authors: Madhuri D Copyright: Copyright c 201...