116 matches found
CVE-2026-56048
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
CVE-2026-56048
Summary: CVE-2026-56048 concerns the WordPress plugin “Payment Gateway Based Fees and Discounts for WooCommerce” (versions ≤ 3.0.0). The vulnerability is described as an unauthenticated insecure direct object reference (IDOR). The connected documents confirm the affected product and root cause (I...
EUVD-2026-39709
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
PT-2026-31234
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through = 1.1.1...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...
Malicious code in @devx-commerce/plugin-discounts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74de4ea6b81994c916a9fecaea82b1fa9c5a8bf24ad75dc6c755122b821ec169 The package @devx-commerce/plugin-discounts was found to contain malicious code. Source: ghsa-malware...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
CVE-2025-60784
Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...
EUVD-2025-37929
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
EUVD-2020-17781
Malware in sbrugna...
EUVD-2024-29927
Malicious code in bioql PyPI...
EUVD-2025-28208
Malicious code in bioql PyPI...
EUVD-2025-24962
Malicious code in bioql PyPI...
EUVD-2025-8762
Malicious code in bioql PyPI...
CVE-2025-6025
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...
CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...
CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts
The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...
CVE-2025-6025
CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...
WordPress plugin Order Tip for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-24625
Missing Authorization vulnerability in Naked Cat Plugins Taxonomy/Term and Role based Discounts for WooCommerce taxonomy-discounts-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/...