PT-2025-43182

Name of the Vulnerable Software and Affected Versions MultiVendorX versions through 4.2.23 Description A missing authorization issue exists in MultiVendorX dc-woocommerce-multi-vendor. The issue allows access to functionality that is not properly constrained by Access Control Lists ACLs...

WordPress MultiVendorX Marketplace plugin <= 4.1.17 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin MultiVendorX versions = 4.1.17...

CVE-2024-37270 WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1...

rust-toolset:rhel8 bug fix and enhancement update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Rust Toolset has been updated to version 1.47.0 BZ1883839. For detailed information on changes in this release, see the AlmaLinux.1...

WordPress YITH WooCommerce Multi Vendor plugin <=3.4.0 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Multi Vendor plugin versions =3.4.0. Solution Update the WordPress YITH WooCommerce Multi Vendor plugin to the latest available version at least 3.4.1...

Command injection

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the 1 mysqldump command line in the capture function and 2 mysql command line in the restore function, which allows local users to obtain sensitive information by listing the...