3 matches found
CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...
PT-2025-32359 · Unknown · Statamic Core
Name of the Vulnerable Software and Affected Versions: Statamic Core versions prior to 2.11.8 Description: The /users endpoint is susceptible to cross-site scripting XSS, potentially allowing an attacker to add an administrator user. Exploitation can occur through Cross-Site Request Forgery CSRF...
libxml2 安全漏洞
libxml2 is an open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.11.8, 2.12.x through 2.12.7, which stems from the use of the xmllint --htmlout formatting error...