30 matches found
CVE-2026-44826
Vvveb CMS contains a vulnerability where the cart-add endpoint accepts a negative quantity before version 1.0.8.2. This allows negative line totals, subtotals, taxes, and grand totals, causing the merchant order to reflect a negative total and enabling a fraudulent “merchant owes customer money” ...
CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...
CVE-2026-23684 Race condition vulnerability in SAP Commerce Cloud
A race condition vulnerability exists in SAP Commerce Cloud. Because of this, when an attacker adds products to a cart, a cart entry may be created with an erroneous product value, which could then be checked out. This leads to high impact on data integrity, with no impact on data...
CVE-2025-11430
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2025-22785
Malicious code in bioql PyPI...
CVE-2025-8097
The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to manipulate cart...
CVE-2025-8097
CVE-2025-8097 affects WoodMart, a WordPress theme, with versions up to 8.2.6. Wordfence/NVD describe an Improper Input Validation issue in woodmart_update_cart_item, enabling unauthenticated users to manipulate cart quantities using fractional values and potentially drive totals to $0.00, effectively b...
CVE-2025-8097 WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation
The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to manipulate cart...
PT-2025-30965 · WordPress · Woodmart
Name of the Vulnerable Software and Affected Versions: WoodMart versions prior to 8.2.7. Description: The WoodMart theme for WordPress is susceptible to improper input validation. Insufficient validation of the qty parameter within the woodmart_update_cart_item function allows unauthenticated...
WordPress WoodMart - Multipurpose WooCommerce Theme plugin <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability
WordPress WoodMart - Multipurpose WooCommerce Theme plugin <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability discovered by Samir El Khaouti in WordPress Theme WoodMart versions <= 8.2.6...
Cart Manipulation
sylius/paypal-plugin is vulnerable to cart manipulation. The vulnerability is due to improper order validation and enforcement after PayPal payment authorization, allowing users to alter their cart contents before finalizing the order...
GHSA-HXG4-65P5-9W37 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
A discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the car...
CVE-2025-30152
The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...
CVE-2025-30152
CVE-2025-30152 : The Sylius PayPal Plugin (for PayPal Commerce) has an order manipulation vulnerability after PayPal Checkout. Before versions 1.6.2, 1.7.2, and 2.0.2, a user can return to the order summary page and modify the cart contents, potentially causing the merchant to receive less paymen...
CVE-2024-50968
Summary: CVE-2024-50968 affects itsourcecode’s Agri-Trading Online Shopping System 1.0. A business-logic flaw in Add to Cart lets remote attackers manipulate the quant parameter, setting quantity to -0. This flattens the total price to zero, enabling adding items to the cart and proceeding to che...
CVE-2024-50968
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the...
Pimcore security vulnerability
Pimcore is an open source web content management platform for creating and managing web applications, from the Austrian company Pimcore. The platform integrates web content management, e-commerce frameworks and product information management applications. Pimcore has a code issue vulnerability in...
Cross-Site Request Forgery (CSRF)
solidus_frontend is vulnerable to cross-site request forgery (CSRF). The vulnerability allows an attacker to add malicious content to the user's cart...
Business Logic Errors in microweber/microweber
✍️ Description: microweber is vulnerable to a Business Logic error through negative product price. 🕵️‍♂️ Proof of Concept: HTML content: HTML 1. Save the above content into an HTML file. 2. Access the app localhost and add a product to the cart. 3. Open the HTML file and click on submit button to take...