50 matches found
PT-2026-1579
Name of the Vulnerable Software and Affected Versions: Premmerce WooCommerce Customers Manager plugin for WordPress versions through 1.1.14 Description: The Premmerce WooCommerce Customers Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input...
PT-2026-1259
Name of the Vulnerable Software and Affected Versions: jwsthemes FreeAgent versions through 2.1.2 Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access and...
PT-2025-53888
Name of the Vulnerable Software and Affected Versions: Atte Moisio AM Events versions through 1.13.1 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can ...
PT-2025-53795
Name of the Vulnerable Software and Affected Versions: Crocoblock JetBlog versions through 2.4.7 Description: An authorization issue exists in Crocoblock JetBlog, allowing exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. Recommendations...
PT-2025-53284
Name of the Vulnerable Software and Affected Versions: Bit Assist versions through 1.5.11 Description: An authorization issue exists in Bit Apps Bit Assist. The problem involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update B...
PT-2025-44618
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.6 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on...
PT-2025-43267
Name of the Vulnerable Software and Affected Versions: Simple User Registration versions prior to and including 6.4 Description: A privilege assignment issue exists in N-Media Simple User Registration. This allows for privilege escalation. Recommendations: Update Simple User Registration to a versio...
PT-2025-33160 · Unknown · Idonatepro
Name of the Vulnerable Software and Affected Versions: IDonatePro versions through 2.1.9 Description: IDonatePro is susceptible to a PHP Local File Inclusion due to improper control of filename for include/require statements. This allows for the inclusion of local files. Recommendations: Update...
PT-2025-33228 · WordPress · Yith Woocommerce Popup
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Popup versions through 1.48.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in YITH WooCommerce Popup, potentially allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...
PT-2025-32906 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 11.0.2 and earlier Description: Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read issue that may lead to the disclosure of sensitive memory. Exploitation of this issue...
PT-2025-32761 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Illustrator versions 28.7.8 and earlier; Illustrator version 29.6.1 and earlier Description: Illustrator is susceptible to an out-of-bounds write issue, potentially leading to arbitrary code execution with the privileges of the current user...
PT-2025-1371 · Analytify · Analytify
Name of the Vulnerable Software and Affected Versions: Analytify versions n/a through 4.2.3 Description: The issue is related to a Missing Authorization vulnerability in Analytify. This vulnerability allows unauthorized access due to the lack of proper authorization checks. Recommendations: For...
PT-2024-39458 · Hms Networks · Ewon Flexy 205
Name of the Vulnerable Software and Affected Versions: Ewon Flexy 205 versions through 14.8s0 Description: A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. Recommendations: For Ewon Flexy 205 versions through 14.8s0, update to ...
PT-2024-33257 · Rakuten · Rakuten Turbo 5G
Name of the Vulnerable Software and Affected Versions: Rakuten Turbo 5G firmware versions V1.3.18 and earlier Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This could allow a remote authenticated...
PT-2024-34855 · Unknown · Narnoo Commerce Manager
Name of the Vulnerable Software and Affected Versions: Narnoo Commerce Manager versions 1.6.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For...
PT-2024-34831 · Elementor · Accordion Title For Elementor
Name of the Vulnerable Software and Affected Versions: Accordion title for Elementor versions 1.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker c...
PT-2024-32698 · Wedevs · Wedevs Wp Erp
Name of the Vulnerable Software and Affected Versions: weDevs WP ERP versions 1.13.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For...
PT-2024-30781 · Jegstudio · Jegstudio Gutenverse
Name of the Vulnerable Software and Affected Versions: Jegstudio Gutenverse versions 1.9.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can...
PT-2024-30319 · Unknown · Antoine Hurkmans Football Pool
Name of the Vulnerable Software and Affected Versions: Antoine Hurkmans Football Pool versions n/a through 2.11.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacke...
PT-2024-37860 · WordPress · Vform
Name of the Vulnerable Software and Affected Versions: VForm plugin for WordPress versions up to, and including, 2.1.5 Description: The VForm plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. This allows...