mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

ml-toolkit-ts (>=1.0.0 <=1.0.3) potentially affected by CVE-2026-45321 via @ml-toolkit-ts/xgboost (=1.0.2)

@ml-toolkit-ts/xgboost NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @ml-toolkit-ts/xgboost and may be impacted: - ml-toolkit-ts =1.0.0, =1.0.3 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-MLTOOLKITTSXGBOOST-16640339...

WordPress WP-Redirection plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP-Redirection versions = 1.0.3...

WordPress Taqnix plugin <= 1.0.3 - Cross-Site Request Forgery to Account Deletion vulnerability

Cross-Site Request Forgery to Account Deletion vulnerability discovered by theviper17y in WordPress Plugin Taqnix versions = 1.0.3...

CVE-2026-22413 WordPress Malgré theme <= 1.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Malgré malgre allows PHP Local File Inclusion.This issue affects Malgré: from n/a through = 1.0.3...

WordPress plugin Malgré 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Lizza LMS Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization issues and vulnerabilities. These vulnerabilities stemmed from authentication flaws in the...

WordPress Chapa Payment Gateway Plugin for WooCommerce plugin <= 1.0.3 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Chapa Payment Gateway Plugin for WooCommerce versions = 1.0.3...

WordPress plugin Flat Shipping Rate by City for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...

CVE-2025-23735

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through = 1.0.3...

EUVD-2025-202994

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lptrack function passing unsanitized cookie data directly to the unserialize function...

CVE-2025-13311 Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting

The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

EUVD-2018-2034

Malware in sbrugna...

PT-2025-39618

Name of the Vulnerable Software and Affected Versions Terry L. SEO Search Permalink versions through 1.0.3 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Stored Cross-site Scripting XSS. This means an...

WordPress plugin Travel Map 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

mall 安全漏洞

mall is an e-commerce system for macro individual developers, including the front-end mall system and back-end management system. A security vulnerability exists in mall 1.0.3 and earlier versions, which stems from an authorization bypass due to incorrect operation of the parameter orderId in the...

Linux Distros Unpatched Vulnerability : CVE-2022-23518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...

CVE-2025-28962

Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Universal Analytics: from n/a through = 1.0.3...

CVE-2025-26934

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in graphthemes Glossy Blog glossy-blog allows Stored XSS.This issue affects Glossy Blog: from n/a through = 1.0.3...