CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...

CVE-2026-3231

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...

CVE-2026-3231

The Checkout Field Editor Checkout Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

Microweber 安全漏洞

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the admin/order/abandoned endpoint having...

WordPress RegistrationMagic plugin <= 6.0.7.1 - Privilege Escalation via admin_order vulnerability

Privilege Escalation via adminorder vulnerability discovered by Os in WordPress Plugin RegistrationMagic versions = 6.0.7.1...

CVE-2025-15403 RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

CVE-2025-15403

CVE-2025-15403 affects the RegistrationMagic WordPress plugin (versions

EUVD-2026-3164

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

CVE-2023-0479

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability...

CVE-2024-24323

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component...

PT-2024-20358 · Linlinjava · Litemall

Name of the Vulnerable Software and Affected Versions: linlinjava litemall version 1.8.0 Description: The issue allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component. This is a SQL...

CVE-2023-0479

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability...

Improper Authorization

pimcore/ecommerce-framework-bundle is vulnerable to Improper Authorization. The vulnerability is due to a lack of permission enforcement within the admin/ecommerceframework/admin-order/list endpoint. An unauthorized user can access this endpoint without authorization, resulting in the ability to...

WordPress plugin Print Invoice & Delivery Notes for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

S-cart Cross-Site Scripting Vulnerability

S-cart is a Php-based e-commerce management platform from the S-cart community. A cross-site scripting vulnerability exists in s-cart core before version 4.4, which stems from a lack of detection of client-side input in the search function of the admin dashboard in...

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. PoC:...