Lucene search
+L

339 matches found

Cvelist
Cvelist
added 2025/12/24 12:31 p.m.31 views

CVE-2025-68533 WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...

6.5CVSS0.00139EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

WordPress plugin WC Builder 安全漏洞

WordPress WC Builder is a WooCommerce page builder designed for WordPress websites. A cross-site scripting vulnerability exists in WordPress WC Builder that stems from improper input neutralization during page generation, and no detailed vulnerability details are provided at this time...

6.5CVSS5.7AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.11 views

PT-2025-53097

Name of the Vulnerable Software and Affected Versions HasThemes WC Builder versions through 1.2.0 Description A flaw exists in HasThemes WC Builder that allows for Stored Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. The issue allows an...

5.4CVSS5.6AI score0.00139EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/21 6:15 a.m.10 views

CVE-2025-12820

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...

5.3CVSS6.6AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.24 views

CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...

4.4CVSS0.00199EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/21 12:0 a.m.6 views

WordPress plugin WC Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

4.4CVSS5.9AI score0.00199EPSS
Exploits0References5
NVD
NVD
added 2025/12/20 6:15 a.m.4 views

CVE-2025-12820

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...

5.3CVSS0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/20 6:0 a.m.3 views

CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...

6.2AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/20 6:0 a.m.26 views

CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update

The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...

0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

4.9CVSS5.9AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 9:15 a.m.4 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

4.9CVSS0.00298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51402

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

5CVSS6.5AI score0.00298EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/11/29 6:52 p.m.267 views

Exploit for CVE-2025-6440

🔓 WC Designer Pro - RCE Exploit Unauthenticated Remote Co...

9.8CVSS7.8AI score0.31827EPSS
Exploits12
AlpineLinux
AlpineLinux
added 2025/11/21 10:57 p.m.4 views

CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...

8.2CVSS6.9AI score0.00303EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/11 9:13 a.m.13 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS7.4AI score0.00535EPSS
Exploits1References121
OSV
OSV
added 2025/11/11 12:0 a.m.18 views

ALSA-2025:20518 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...

7.8CVSS6.8AI score0.00535EPSS
Exploits1References225
NVD
NVD
added 2025/11/06 4:15 p.m.5 views

CVE-2025-53286

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through = 4.7.2...

7.1CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:54 p.m.8 views

CVE-2025-60189

The vulnerability CVE-2025-60189 affects the WordPress plugin PoloPag – Pix Automático para Woocommerce (wc-polo-payments), with Local File Inclusion due to improper control of filenames for include/require statements. Affected version range is &lt;= 2.0.9. The issue enables PHP Local File Inclus...

7.5CVSS5.3AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:54 p.m.16 views

CVE-2025-53286

CVE-2025-53286 concerns a Cross-Site Scripting (XSS) in the WordPress Dropify plugin integration wc-dropi-integration. Multiple connected sources describe an improper neutralization of user input during web page generation that allows reflected XSS against Dropify releases up to and including ver...

7.1CVSS5.9AI score0.00216EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/05 9:27 a.m.10 views

CVE-2025-12468 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

5.3CVSS0.00351EPSS
Exploits0References3
Rows per page
Query Builder