339 matches found
CVE-2025-68533 WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through = 1.2.0...
WordPress plugin WC Builder 安全漏洞
WordPress WC Builder is a WooCommerce page builder designed for WordPress websites. A cross-site scripting vulnerability exists in WordPress WC Builder that stems from improper input neutralization during page generation, and no detailed vulnerability details are provided at this time...
PT-2025-53097
Name of the Vulnerable Software and Affected Versions HasThemes WC Builder versions through 1.2.0 Description A flaw exists in HasThemes WC Builder that allows for Stored Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. The issue allows an...
CVE-2025-12820
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...
CVE-2025-14054 WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute
The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headingcolor' parameter and multiple other styling parameters of the wpbforwpbakeryproductadditionalinformation shortcode in all versions up to, and including, 1.2.0 d...
WordPress plugin WC Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
CVE-2025-12820
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...
CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...
CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...
CVE-2025-64631
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...
CVE-2025-64631
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...
PT-2025-51402
Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...
Exploit for CVE-2025-6440
🔓 WC Designer Pro - RCE Exploit Unauthenticated Remote Co...
CVE-2025-11931
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2025:20518 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB CVE-2024-46689 kernel: Squashfs: sanity check...
CVE-2025-53286
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through = 4.7.2...
CVE-2025-60189
The vulnerability CVE-2025-60189 affects the WordPress plugin PoloPag – Pix Automático para Woocommerce (wc-polo-payments), with Local File Inclusion due to improper control of filenames for include/require statements. Affected version range is <= 2.0.9. The issue enables PHP Local File Inclus...
CVE-2025-53286
CVE-2025-53286 concerns a Cross-Site Scripting (XSS) in the WordPress Dropify plugin integration wc-dropi-integration. Multiple connected sources describe an improper neutralization of user input during web page generation that allows reflected XSS against Dropify releases up to and including ver...
CVE-2025-12468 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...