WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability

WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO Premium plugin = 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability discovered by Stefan in WordPress Plugin Uni CPO Premium versions = 4.9.60...

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable due to a missing capability check on uni_cpo_remove_file, allowing unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox when the path is known....

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

CVE-2025-13391 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

WordPress plugin Product Options and Price Calculation Formulas for WooCommerce – Uni CPO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-58900

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through = 1.4.2...

PT-2025-52073

Name of the Vulnerable Software and Affected Versions AncoraThemes UniTravel versions through 1.4.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

EUVD-2025-144397

Malicious code in heres-matinla-uni npm...

Malicious code in saku-aiaku-uni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c228a053ae6bd3424ea0cd445973bae501b08819443201c98c1a5832f0ee65d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2006-5661

Malware in sbrugna...

EUVD-2006-4631

Malware in sbrugna...

EUVD-2023-3324

Malicious code in bioql PyPI...

EUVD-2023-58678

Malicious code in bioql PyPI...

EUVD-2025-11972

Malicious code in bioql PyPI...

CVE-2025-10412

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'unicpouploadfile' function in all versions up to, and including, 4.9.55. This makes it possible for...

CVE-2025-10412

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'unicpouploadfile' function in all versions up to, and including, 4.9.55. This makes it possible for...

CVE-2025-10412

CVE-2025-10412 : The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthenticated arbitrary file uploads via the uni_cpo_upload_file function in all versions up to 4.9.54, which may allow remote code execution on the affe...

CVE-2025-10412 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'unicpouploadfile' function in all versions up to, and including, 4.9.55. This makes it possible for...