15 matches found
EUVD-2024-31365
Malicious code in bioql PyPI...
EUVD-2025-28093
Malicious code in bioql PyPI...
PT-2025-14137 · Unknown · Wpopal Opal Portfolio
Name of the Vulnerable Software and Affected Versions: wpopal Opal Portfolio versions 1.0.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
CVE-2024-52444
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through = 1.1.3...
CVE-2024-52444
CVE-2024-52444 affects the WordPress plugin Opal Woo Custom Product Variation (versions
CVE-2024-52444 WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wpopal Opal Woo Custom Product Variation opal-woo-custom-product-variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through = 1.1.3...
CVE-2024-33649
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9...
CVE-2024-33649 WordPress Opal Widgets For Elementor plugin <= 1.6.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9...
CVE-2024-33649
CVE-2024-33649 is a stored cross-site scripting vulnerability in Opal Widgets For Elementor (WordPress plugin). The issue affects Opal Widgets For Elementor versions up to and including 1.6.9 and requires an authenticated user (Contributor+ context) to trigger the payload. The root cause is impro...
CVE-2022-40700
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
CVE-2022-40700
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
CVE-2022-40700 Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
PT-2024-11631 · Agence Press · Css Adder By Agence-Press
Name of the Vulnerable Software and Affected Versions: Montonio for WooCommerce versions 6.0.1 and earlier Wpopal Core Features versions 1.5.8 and earlier ArcStone wp-amo versions 4.6.6 and earlier WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier WooVIP – Membership...
WordPress Wpopal Core Features Plugin <= 1.5.8 is vulnerable to Server Side Request Forgery (SSRF)
Software Wpopal Core Features Type Plugin Vulnerable versions = 1.5.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 22112fdee0d7 Credits Dave Jong Patchstack Requir...