High - CVE-2024-13558 - The NP Quote Request for WooCommerce plugin for...
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user...
Medium - CVE-2024-13920 - The Order Export & Order Import for WooCommerce...
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it...
High - CVE-2024-13921 - The Order Export & Order Import for WooCommerce...
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from...
Low - CVE-2024-13922 - The Order Export & Order Import for WooCommerce...
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all...
High - CVE-2024-13923 - The Order Export & Order Import for WooCommerce...
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This...
Medium - CVE-2025-1802 - The HT Mega – Absolute Addons For Elementor...
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘marker_title’, 'notification_content', and...
NA - CVE-2025-27888 - Severity: medium (5.8) / important
Server-Side...
Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted...
NA - CVE-2025-2311 - Incorrect Use of Privileged APIs, Cleartext...
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows...
High - CVE-2025-2539 - The File Away plugin for WordPress is...
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes...