CVE-2026-4911

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter

The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...

EUVD-2026-22845

The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

CVE-2026-5694

The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

CVE-2026-5694

The CVE concerns the Quick Interest Slider WordPress plugin, affected up to and including version 3.1.5. It is vulnerable to an unauthenticated stored XSS via the loan-amount and loan-period parameters, caused by insufficient input sanitization and output escaping. The vulnerability allows attack...

PT-2026-33012

Name of the Vulnerable Software and Affected Versions Quick Interest Slider versions prior to 3.1.6 Description The Quick Interest Slider plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can...

WordPress plugin Quick Interest Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2017-9135

Malware in sbrugna...

Church Donation System giving.php File SQL Injection Vulnerability

The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter Amount in the file /members/giving.php. An attacker can exploit this...

CVE-2025-5984

A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be...

CVE-2024-9089

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file updateloanrecord.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. Th...

PT-2024-39423 · Sourcecodester · Sourcecodester Loan Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Modern Loan Management System version 1.0 Description: A problematic issue affects the processing of the file update loan record.php, where the manipulation of the amount argument leads to cross-site scripting. The attack can b...

SourceCodester Modern Loan Management System 跨站脚本漏洞

SourceCodester Modern Loan Management System is an open source modern loan management system from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Modern Loan Management System version 1.0, which stems from an incorrect manipulation of the parameter amount that can le...

Church Management System SQL注入漏洞

Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which originates from an SQL injection vulnerability in the amount parameter of the /admin/addgiving.php file...

Upgraded Q -> 2 from #776 [1701456793936]

Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...

Upgraded Q -> 2 from #776 [1701285150754]

Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...

PT-2023-16676 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical vulnerability has been found in the Payment Handler component of the affected software, specifically in the file /alphaware/summary.php. The manipulation of...

Alphaware Simple E-Commerce System 访问控制错误漏洞

Alphaware Simple E-Commerce System is an e-commerce system by razormist individual developers. An Access Control Error vulnerability exists in SourceCodester Alphaware Simple E-Commerce System version 1.0, which stems from incorrect manipulation of the parameter amount resulting in incorrect acce...

Biometric Shift Employee Management System Cross-Site Scripting Vulnerability (CNVD-2018-01397)

Biometric Shift Employee Management System is an employee management system. A cross-site scripting vulnerability exists in Biometric Shift Employee Management System. The vulnerability can be exploited via the amount parameter in the index.php?user=additiondeduction request...

CVE-2017-17993

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...