VYPR
Vendor

vendor

Products: 9
CVEs: 12
Across products: 12
Status: Private

Recent CVEs: 12
  • CVE-2026-4001 | Critical | Mar 24, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to…

  • CVE-2026-22443 | High | Mar 5, 2026
    risk 0.53 | cvss 8.1 | epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Alliance alliance allows PHP Local File Inclusion. This issue affects Alliance: from n/a through <= 3.1.1.

  • CVE-2026-3958 | Medium | Mar 11, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/api_server.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out…

  • CVE-2026-7619 | Medium | May 13, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied…

  • CVE-2025-11893 | Medium | Oct 25, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied…

  • CVE-2026-3569 | Medium | Apr 24, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read() permission callback unconditionally returns true (via __return_true())…

  • CVE-2026-35208 | Medium | Apr 6, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script…

  • CVE-2026-8463 | Medium | May 13, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input. The auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When…

  • CVE-2026-3177 | Medium | Apr 7, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of…

  • CVE-2026-37592 | Low | Apr 14, 2026
    risk 0.18 | cvss 2.7 | epss 0.00

    Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.

  • CVE-2023-30247 | May 12, 2023
    risk 0.00 | cvss n/a | epss 0.01

    File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.

  • CVE-2021-40907 | Jan 24, 2022
    risk 0.00 | cvss n/a | epss 0.01

    SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.