60 matches found
CVE-2026-1902
CVE-2026-1902 : The Hammas Calendar plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) flaw via the apix parameter in the short-code hp-calendar-manage-redirect for all versions up to and including 1.5.11 . Exploitation requires an authenticated user with Contributor+ privi...
CVE-2026-1902
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-23812
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2025-205239
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
CVE-2025-68596
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
CVE-2025-68596
CVE-2025-68596 is a Missing Authorization issue affecting Bit Assist (Bit Apps) WordPress plugin. Wordfence details show Bit Assist vulnerable up to version 1.5.11; no exact exploit details or remediation provided in the connected sources. Monitoring for vendor advisories and patches is advised.
CVE-2025-68596 WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through = 1.5.11...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Bit Assist versions = 1.5.11...
CVE-2025-52773 WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-52773 WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-52773
CVE-2025-52773 affects the WordPress plugin HieCOR Payment Gateway Plugin (hcv4-payment-gateway)
WordPress plugin HieCOR Payment Gateway Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
PT-2025-45217
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2025-62020 WordPress VOD Infomaniak plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through = 1.5.11...
CVE-2025-62020 WordPress VOD Infomaniak plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through = 1.5.11...
WordPress VOD Infomaniak plugin <= 1.5.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin VOD Infomaniak versions = 1.5.11...
Dagster 安全漏洞
Dagster is a Dagster open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster 1.5.11 and earlier versions that stems from improper handling of the logs endpoint, which could lead to the disclosure of sensitive information...
CVE-2023-47186
Cross-Site Request Forgery CSRF vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin = 1.5.11 versions...
CVE-2023-24396
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...