Lucene search
+L

4846 matches found

Cvelist
Cvelist
added 2026/04/28 4:15 a.m.33 views

CVE-2026-7224 SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.12 views

PT-2026-35665

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit ha...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35705

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get cart items of the file /admin/ajax.php?action=get cart items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has bee...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35661

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete cart of the file /admin/ajax.php?action=delete cart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has be...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.13 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which stems from the operation of the getcartitems function in the...

6.5CVSS6.7AI score0.0025EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.16 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the deletecart function of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the getcartcount function of the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24656

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References18
NVD
NVD
added 2026/04/22 9:16 a.m.8 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS0.00243EPSS
Exploits0References17
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.29 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS0.00243EPSS
Exploits0References17
CVE
CVE
added 2026/04/22 7:45 a.m.14 views

CVE-2026-4090

Technical details beyond the CVE entry are not provided in the connected documents. Monitor for updates on affected plugin versions and remediation status.

6.1CVSS5.7AI score0.00243EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.4 views

CVE-2026-4090

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.5 views

CVE-2026-4090 Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rdicsettingspage function when processing settings form submissions. This makes it possible for unauthenticated attackers...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

WordPress plugin Inquiry Cart 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References19
OSV
OSV
added 2026/04/21 3:20 p.m.46 views

GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

5.4CVSS5.7AI score0.00176EPSS
Exploits1References5
NVD
NVD
added 2026/04/20 5:16 p.m.10 views

CVE-2026-40098

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

5.4CVSS0.00176EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 4:19 p.m.4 views

CVE-2026-40098

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

5.3CVSS5.8AI score0.00176EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

OpenMage Magento Lts(Magento) 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authorization logic for adding shared wish lists to the shopping car...

5.4CVSS5.8AI score0.00176EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.11 views

PT-2026-33410

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

5.1CVSS5.7AI score0.0032EPSS
Exploits0References3
Rows per page
Query Builder