webkul
Web & CMS Plugins | commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting webkul.
- CVE-2017-20262: Joomla! Component Ajax Quiz 1.8 SQL Injection (score 8.2)
- CVE-2026-38532: A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanen... (score 8.1)
- CVE-2026-38530: A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanent... (score 8.1)
- CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a ... (score 8.8)
- CVE-2021-41074: A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document. (score 5.4)
- CVE-2025-67325: Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution. (score 9.8)
- CVE-2026-21450: Bagisto has SSTI in parameter that can lead to RCE (score 9.8)
- CVE-2026-21451: Bagisto has HTML Filter Bypass that Enables Stored XSS (score 8.4)
- CVE-2026-21449: Bagisto has SSTI via first and last name from low-privilege user (not admin) (score 8.8)
- CVE-2026-21448: Bagisto has Normal & Blind SSTI from low-privilege user when ordering product (score 9.8)
- CVE-2026-21447: Bagisto has IDOR in Customer Order Reorder Functionality (score 7.1)
- CVE-2026-21446: Bagisto Missing Authentication on Installer API Endpoints (score 9.8)
- CVE-2025-62415: bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML) (score 6.9)
- CVE-2025-62418: bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG) (score 6.9)
- CVE-2025-62414: bagisto - Cross Site Scripting (XSS) in Create New Customer (score 6.9)