VYPR
Vendor

Zingiri

Products
3
CVEs
7
Across products
7
Status
Private

Products

3

Recent CVEs

7
  • CVE-2012-6506Jan 24, 2013
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

  • CVE-2012-5295Oct 4, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.

  • CVE-2019-25442Feb 22, 2026
    risk 0.00cvss epss 0.00

    Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive…

  • CVE-2023-53978Dec 22, 2025
    risk 0.00cvss epss 0.00

    myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the…

  • CVE-2012-4920Apr 4, 2014
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.

  • CVE-2012-4033Jul 18, 2012
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.

  • CVE-2012-0934Jan 29, 2012
    risk 0.00cvss epss 0.08

    PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.