218 matches found
CVE-2017-20255
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
EUVD-2017-18982
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
CVE-2017-20255 Joomla! Component JB Visa 1.0 SQL Injection via visatype
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
CVE-2017-20255
This CVE affects the Joomla! extension JB Visa 1.0. The vulnerability is an SQL injection in the visatype parameter that can be exploited via GET requests to index.php with option=com_bookpro and view=popup, allowing unauthenticated attackers to extract sensitive data (credentials and table conte...
EUVD-2026-22853
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
WordPress Visa Acceptance Solutions plugin <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email vulnerability
Unauthenticated Authentication Bypass via Billing Email vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Visa Acceptance Solutions versions = 2.1.0...
CVE-2026-3461
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
CVE-2026-3461
The CVE concerns the Visa Acceptance Solutions WordPress plugin (
CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
CVE-2026-3461
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the expresspayproductpagepayfororder function logging users in based solely on a user-supplied billing email address during guest checkout for...
PT-2026-33018
Name of the Vulnerable Software and Affected Versions Visa Acceptance Solutions versions prior to 2.1.1 Description The Visa Acceptance Solutions plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators. This occurs because the express pay...
WordPress plugin Visa Acceptance Solutions 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-59134
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...
CVE-2025-64464 Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. Th...
CVE-2025-59134
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...
EUVD-2025-204144
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...
PT-2025-52102
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...
WordPress plugin Sale! Immigration law, Visa services support, Migration Agent Consulting 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Sale...
A week in security (December 8 – December 14)
Last week on Malwarebytes Labs: The US digital doxxing of H-1B applicants is a massive privacy misstep Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer How private is your VPN? DroidLock malware locks you out of your Android device and demands ransom Malwarebytes...