5 matches found
PT-2026-2841
The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13511
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settingsinit function, which processes a reset action based on specific query...
PT-2025-4562 · Unknown · Icons Enricher
Name of the Vulnerable Software and Affected Versions: Icons Enricher versions 1.0.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This enables attackers to inject malicious scripts...
PT-2024-14124 · Unknown · Universal Passport Rx
Name of the Vulnerable Software and Affected Versions: UNIVERSAL PASSPORT RX versions 1.0.0 through 1.0.8 Description: A cross-site scripting issue exists, which may allow a remote authenticated attacker with administrative privileges to execute an arbitrary script on the user's web browser...
PT-2024-16793 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found, affecting the function index of the file /application/plugins/controller/Upload.php. This leads to unrestricted upload and can be exploited remotely. The issue has been...