| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Any unauthenticated attacker can bypass the localhost
restrictions posed by the application and utilize this to create
arbitrary packages |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder allows Stored XSS.This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through <= 2.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup smartarget-popup allows Stored XSS.This issue affects Smartarget Popup: from n/a through <= 1.5. |
| Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers.This issue affects Beefull App: before 24.07.2025. |
| Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Directorist AddonsKit for Elementor addonskit-for-elementor allows Stored XSS.This issue affects Directorist AddonsKit for Elementor: from n/a through <= 1.1.6. |
| Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. |
| AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked. |
| Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool feedbucket allows Cross Site Request Forgery.This issue affects Feedbucket – Website Feedback Tool: from n/a through <= 1.0.6. |
| microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.5.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored XSS.This issue affects Perfect Font Awesome Integration: from n/a through <= 2.3. |
| Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1. |
| Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Agency Toolkit: from n/a through <= 1.0.24. |
| Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19. |
| Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Phishing.This issue affects WP Clone any post type: from n/a through <= 3.6. |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. |
| Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Clone any post type: from n/a through <= 3.6. |
