EUVD-2025-9066

Malicious code in bioql PyPI...

EUVD-2024-48204

Malicious code in bioql PyPI...

EUVD-2025-21655

Malicious code in bioql PyPI...

CVE-2025-48299

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through = 1.5.5...

CVE-2025-48299

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through = 1.5.5...

CVE-2025-48299 WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through = 1.5.5...

CVE-2025-48299

CVE-2025-48299 describes an SQL Injection in the WordPress YayExtra plugin (YayCommerce YayExtra) affecting versions up to 1.5.5. Exploitation details indicate network access with low attack complexity and no user interaction, but the impact is High confidentiality risk and Low availability impac...

CVE-2025-48299 WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through = 1.5.5...

WordPress plugin YayExtra SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-29730 · Yaycommerce · Yaycommerce Yayextra

Name of the Vulnerable Software and Affected Versions: YayCommerce YayExtra versions through 1.5.5 Description: YayCommerce YayExtra is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This allows for potential manipulation of database...

CVE-2025-31415

Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through = 1.5.2...

CVE-2025-31415

Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through = 1.5.2...

CVE-2025-31415

Technical details about CVE-2025-31415 are not provided in the connected documents. The initial description notes a Missing Authorization issue in YayExtra up to v1.5.2, but there are no fix/version specifics or exploit details in the supplied materials.

CVE-2025-31415 WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2...

CVE-2025-31415 WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through = 1.5.2...

PT-2025-14080 · Yayextra · Yayextra

Name of the Vulnerable Software and Affected Versions: YayExtra versions 1.5.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For YayExtra versions 1.5.2 a...

WordPress plugin YayExtra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin YayExtra versions = 1.5.2...

CVE-2024-7257

The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleuploadfile function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary...

WordPress YayExtra plugin <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function vulnerability

Unauthenticated Arbitrary File Upload via handleuploadfile Function vulnerability discovered by wesley wcraft in WordPress Plugin YayExtra versions = 1.3.7...