Ngo Bui Truong Vu

Researcher fromPatchStack
#6117of 53,633
44.4Total CVSS
Vulnerabilities · 6
High
6
PT-2025-20152
7.6
2025-05-07
Woocommerce · Pdf Invoices For Woocommerce + Drag/Drop Template Builder · CVE-2025-47537
**Name of the Vulnerable Software and Affected Versions** PDF Invoices for WooCommerce + Drag and Drop Template Builder versions through 5.3.8 **Description** The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions through 5.3.8, update to a version later than 5.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation.
PT-2025-20153
7.6
2025-05-07
WordPress · Wpdever Cart Tracking For Woocommerce · CVE-2025-47538
**Name of the Vulnerable Software and Affected Versions** wpdever Cart tracking for WooCommerce versions 1.0.0 through 1.0.17 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 1.0.0 through 1.0.17, update to a version later than 1.0.17 to resolve the issue.
PT-2025-20194
7.2
2025-05-07
Mario Peshev · Wp-Crm System · CVE-2025-47629
**Name of the Vulnerable Software and Affected Versions** Mario Peshev WP-CRM System versions 3.4.1 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For Mario Peshev WP-CRM System versions 3.4.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-20202
7.6
2025-05-07
Woocommerce · Elex Product Feed For Woocommerce · CVE-2025-47643
**Name of the Vulnerable Software and Affected Versions** ELEX Product Feed for WooCommerce versions 3.1.2 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For ELEX Product Feed for WooCommerce versions 3.1.2 and earlier, update to a version later than 3.1.2 to resolve the issue.
PT-2025-20225
7.2
2025-05-07
Unknown · Wp Maintenance · CVE-2025-47683
**Name of the Vulnerable Software and Affected Versions** WP Maintenance versions through 6.1.9.7 **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For versions through 6.1.9.7, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-17795
7.2
2025-04-24
Unknown · Michael Cannon Flickr Shortcode Importer · CVE-2025-46481
**Name of the Vulnerable Software and Affected Versions** Michael Cannon Flickr Shortcode Importer versions n/a through 2.2.3 **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For versions n/a through 2.2.3, update to a version later than 2.2.3 to resolve the issue. As a temporary workaround, consider restricting the deserialization of untrusted data until a patch is available.