CVE-2026-5488

The CVE-2026-5488 issue affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (WordPress). It stems from missing capability checks in two AJAX handlers (get_ads_access_token() and reset_experience()), allowing authenticated users with subscriber-level access or higher to retr...

EUVD-2026-25393

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability

Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions = 9.1.2...

EUVD-2026-16095

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVE-2025-69378

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378 WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

CVE-2025-69378 WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through = 9.1.2...

PT-2026-21159

Name of the Vulnerable Software and Affected Versions XforWooCommerce Product Filter for WooCommerce versions through 9.1.2 Description A privilege assignment issue exists in XforWooCommerce Product Filter for WooCommerce prdctfltr. This allows for privilege escalation. Recommendations Update...

WordPress plugin Product Filter for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Product Filter for WooCommerce versions = 9.1.2...

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

CVE-2025-67281

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content...

CVE-2024-39666

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2...

PT-2026-1876

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...

CVE-2025-67281

TIM BPM Suite/TIM FLOW (through 9.1.2) contains multiple SQL injection flaws that could let a low-privileged or administrative user access the database and its contents. Affected component is the SQL execution areas in the application; root cause is SQL injection vulnerabilities disclosed across ...

EUVD-2024-38171

Malicious code in bioql PyPI...

Sunbird DCIM dcTrack 安全漏洞

Sunbird DCIM dcTrack is an asset monitoring and management software from Sunbird DCIM. A security vulnerability exists in Sunbird DCIM dcTrack version v9.1.2, which stems from the presence of an HTML injection vulnerability that allows an attacker authenticated as an administrator to inject...

WordPress Really Simple Security Pro Plugin 9.0.x < 9.1.2 Authentication Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:reallysimplesecurity:reallysimplesecuritypro"; if descriptio...

WordPress Really Simple Security Plugin 9.0.x < 9.1.2 Authentication Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:reallysimplesecurity:reallysimplesecurity"; if description...