| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC CartFlows Pro allows Cross Site Request Forgery.This issue affects CartFlows Pro: from n/a through 1.11.12. |
| Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7. |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin.This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64. |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. |
| Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24. |
| Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. |
| Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. |
| Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. |
| Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0. |
| Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0. |
