| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows PHP Local File Inclusion.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8. |
| Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33. |
| Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy authorsy allows Stored XSS.This issue affects Authorsy: from n/a through <= 1.0.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46. |
| Insertion of Sensitive Information Into Sent Data vulnerability in Shipmondo Shipmondo – A complete shipping solution for WooCommerce pakkelabels-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Shipmondo – A complete shipping solution for WooCommerce: from n/a through <= 5.0.3. |
| Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0. |
| Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through <= 1.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler wireless-butler allows Reflected XSS.This issue affects Wireless Butler: from n/a through <= 1.0.11. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.0.1. |
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS.This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through <= 7.4.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Reflected XSS.This issue affects Atarim: from n/a through <= 4.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza wppizza allows Reflected XSS.This issue affects WPPizza: from n/a through <= 3.19.4. |
| Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= 7.4.2. |
