| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions. |
| Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions. |
| Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions. |
| Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. |
| Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions. |
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions. |
| Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions. |
| Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. |
| Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without using an absolute path after setting the working directory to the installation contextMenu directory. If an attacker can pre-place a malicious powershell.exe in a user-writable custom installation directory, and a privileged user later runs the installer and selects that directory, the attacker-controlled executable is launched with the elevated privileges of the installer. This vulnerability is fixed in 8.9.6. |
| Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. |
| Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions. |
| Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions. |
| Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions. |
| Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:3658) in the feedUserCmds() function and stored in UserCommand._cmd without any validation. When the user clicks the corresponding entry in the Run menu, NppCommands.cpp:4264 creates a Command object with string2wstring(ucmd.getCmd()) and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. The injected command appears as a normal menu item in the Run menu, making it a viable persistence mechanism. This vulnerability is fixed in 8.9.6.1. |
