32 matches found
EUVD-2026-42844
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...
CVE-2026-12136
The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...
EUVD-2026-37859
The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...
CVE-2026-8502
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2026-48865
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2025-71242 SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...
CVE-2025-71241
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...
EUVD-2024-30262
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...
[SECURITY] Fedora 43 Update: singularity-ce-4.3.6-1.fc43
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure...
EUVD-2024-32465
Malicious code in bioql PyPI...
EUVD-2024-35398
Malicious code in bioql PyPI...
CVE-2024-32444
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...
CVE-2024-35637
Server-Side Request Forgery SSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.3.6...
WordPress Popup box Plugin <= 4.3.6 is vulnerable to Broken Access Control
Software Popup box Type Plugin Vulnerable versions = 4.3.6 Fixed in 4.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3897 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a8831019ec23 Credits Krzysztof Zając Required privilege...
WordPress Plugin Paytium 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2018-19945
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...
Code injection
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...
Remote Memory Exposure in mongoose
Versions of mongoose before 4.3.6, 3.8.39 are vulnerable to remote memory exposure. Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database. Recommendation Update to version 4.3.6, 3.8.39 or later...
[SECURITY] Fedora 30 Update: dhcp-4.3.6-38.fc30
DHCP Dynamic Host Configuration Protocol...