Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through...
10CVSS
9.4AI Score
0.001EPSS
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access...
7.5CVSS
7.6AI Score
0.001EPSS
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy...
9.8CVSS
9.4AI Score
0.001EPSS
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without...
7.5CVSS
7.4AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3...
8.8CVSS
8.7AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2...
6.1CVSS
6.3AI Score
0.0005EPSS
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated...
7.6CVSS
7.2AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.785...
7.1CVSS
6AI Score
0.0005EPSS
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit.....
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been.....
9.8CVSS
9.7AI Score
0.001EPSS
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php...
8.8CVSS
8.9AI Score
0.003EPSS
The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the...
9.8CVSS
9.3AI Score
0.001EPSS
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the...
8.8CVSS
8.7AI Score
0.001EPSS
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6AI Score
0.0005EPSS
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers....
5.8CVSS
5.5AI Score
0.001EPSS
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng...
9.8CVSS
9.9AI Score
0.001EPSS
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration...
9.8CVSS
9.3AI Score
0.001EPSS
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1CVSS
6AI Score
0.0005EPSS
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
6.1CVSS
6.1AI Score
0.001EPSS
Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18...
6.5CVSS
5.4AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.002EPSS
9.8CVSS
9.7AI Score
0.002EPSS
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store...
6.8CVSS
5.3AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been....
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The attack can be...
9.8CVSS
9.6AI Score
0.001EPSS
A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modal_add_product.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The....
6.1CVSS
6.1AI Score
0.001EPSS
Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's...
9.8CVSS
9.4AI Score
0.002EPSS
An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp...
7.5CVSS
7.5AI Score
0.001EPSS
An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store...
7.5CVSS
7.5AI Score
0.001EPSS
An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely.....
6.1CVSS
6AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
7.2CVSS
7AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The...
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched.....
6.5CVSS
6.9AI Score
0.001EPSS
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9...
5.9CVSS
4.8AI Score
0.0005EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate...
4.3CVSS
4.4AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via....
4.3CVSS
4.4AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate...
4.3CVSS
4.4AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a....
4.3CVSS
4.4AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products...
6.5CVSS
4.4AI Score
0.001EPSS
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a...
6.5CVSS
4.4AI Score
0.001EPSS
The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.4CVSS
5AI Score
0.001EPSS
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in...
6.5CVSS
5.3AI Score
0.0004EPSS
The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.5AI Score
0.001EPSS
A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit....
9.8CVSS
9.7AI Score
0.001EPSS
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy...
8.8CVSS
8.7AI Score
0.001EPSS
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy...
9.6CVSS
9AI Score
0.001EPSS
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy...
8.8CVSS
8.8AI Score
0.001EPSS