EUVD-2026-30936
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
EUVD-2024-47275
Malicious code in bioql PyPI...
New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare
Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection...
CVE-2023-0987
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2025-22622
Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php...
CVE-2025-22622 Age Verification - Reflected cross-site scripting (XSS)
Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php...
WordPress plugin Age Verification for your checkout page. Verify your customer's identity cross-site scripting vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Age Verification for your checkout page...
CVE-2024-6128
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...
CVE-2024-6128
Spa-Cartcms (spa-cartcms) v1.9.0.6 Checkout Page has a vulnerability in the /checkout processing where manipulating the quantity argument with -10 enforces a behavioral workflow. The issue is remotely triggerable and publicly disclosed. The PT-2024-37404 entry provides concrete details and recomm...
PT-2024-22871
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.12.13 through 1.12.15; Sylius versions prior to 1.13.1. Description: The issue is related to Cross Site Scripting (XSS) via the "Province" field in Address Book. There is a possibility to save XSS code in the province field in t...
WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page
The plugin does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. PoC 1. Enable greenwallet-gateway as a woocommerce payment gateway 2. add something in your cart and visit the checkout page 3. visit...
WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page
The plugin does not escape the errorenvision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. 1. Enable greenwallet-gateway as a woocommerce payment gateway 2. add something in your cart and visit the checkout page 3. visit...
GHSA-PRFF-6J8Q-VRV7 Cross-site Scripting in microweber
There is a persistent XSS vulnerability that exists in the checkout page where we are able to execute any JavaScript in the last name field...
Cross-site Scripting (XSS) - Stored in microweber/microweber
Description: There is a persistent XSS vulnerability that exists in the checkout page where we are able to execute any JavaScript in the last name field...
PT-2021-22549 · WordPress · Credova Financial
Name of the Vulnerable Software and Affected Versions: Credova Financial WordPress plugin versions up to, and including, 1.4.8. Description: The Credova Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a sit...
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
Boom! Mobile’s U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said. Boom! is a wireless provider that resells mobile phone plans from Verizon, AT&T and T-Mobile USA, under its own brand and with its own perks the...