10 matches found
WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Martino Spagnuolo (r3verii) in WordPress Plugin WCFM Marketplace versions <= 3.7.1...
CVE-2025-56313
CVE-2025-56313: A reflected XSS in JATOS (versions 3.7.1–3.9.6) affects the /publix/run endpoint where a malicious payload placed in the URL parameter “code” can execute in an authenticated admin’s browser. Root cause: insufficient input filtering on the code parameter. Impact: potential unautho...
Linux Distros Unpatched Vulnerability : CVE-2019-10188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz...
PT-2025-1515 · Unknown · Dologin Security
Name of the Vulnerable Software and Affected Versions: DoLogin Security versions 3.7.1 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For DoLogin...
PT-2023-23845 · WordPress · Shortpixel Adaptive Images
Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin versions = 3.7.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
CVE-2023-40561
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin = 3.7.1 versions...
SUSE CVE-2010-4569
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI...
PT-2023-16234 · WordPress · Custom 404 Pro
Name of the Vulnerable Software and Affected Versions: Custom 404 Pro plugin for WordPress versions up to, and including, 3.7.1. Description: The issue is due to missing or incorrect nonce validation on the custom 404 pro admin init function, making it possible for unauthenticated attackers to...
UBUNTU-CVE-2019-10187
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to...
PT-2003-1108 · Openssh +1 · Openssh-Server +5
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 3.7.1; OpenSSH-server versions 3.1p1 through 3.4p1; OpenSSH-askpass versions 3.1p1 through 3.4p1; OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1; OpenSSH-clients versions 3.1p1 through 3.4p1. Description: The issue...