PT-2026-38831

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

Slackware Linux 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2025-050-01)

The version of libxml2 installed on the remote host is prior to 2.11.9 / 2.13.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-050-01 advisory. New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...

CVE-2025-0511

The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

PT-2025-6789 · WordPress · Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions up to, and including, 2.11.9 Description: The issue is related to Stored Cross-Site Scripting via the name parameter due to insufficient input sanitization and output escaping. This allows...

WordPress plugin Welcart e-Commerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...