11 matches found

RedhatCVE
added 2026/03/26 3:16 p.m. | 1 views

CVE-2026-2466

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Patchstack
added 2026/03/12 8:8 a.m. | 1 views

WordPress DukaPress plugin <= 3.2.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin DukaPress versions <= 3.2.4...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/03/11 6:31 a.m. | 2 views

EUVD-2026-11093

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2
NVD
added 2026/03/11 6:17 a.m. | 3 views

CVE-2026-2466

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | EPSS 0.00045
Exploits: 0 | References: 1
CVE
added 2026/03/11 6:0 a.m. | 6 views

CVE-2026-2466

The CVE-2026-2466 entry concerns the DukaPress WordPress plugin (affected version up to 3.2.4). The issue arises because the plugin does not sanitise and escape a parameter before reflecting it on the page, enabling a Reflected Cross-Site Scripting (XSS) attack. Impact is stated as potential expl...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/11 6:0 a.m. | 2 views

CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/11 12:0 a.m. | 1 views

PT-2026-24586

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 4
CNVD
added 2016/10/20 12:0 a.m. | 1 views

Wordpress dukapress plugin SQL injection vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. DukaPress is one of the plugins used to create an online store. A SQL injection vulnerability exists in WordPress DukaPress plugin version v2.5.9, which can be exploited by remote attackers...

CVSS 9.8 | AI score 8.4 | EPSS 0.0601
Exploits: 1 | References: 1
NVD
added 2014/11/28 3:59 p.m. | 17 views

CVE-2014-8799

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php...

CVSS 5 | AI score 6.7 | EPSS 0.91126
Exploits: 6 | References: 5
Prion
added 2014/11/28 3:59 p.m. | 16 views

Directory traversal

Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php...

CVSS 5 | AI score 7.1 | EPSS 0.91126
Exploits: 6 | References: 5 | Affected Software: 1
CVE
added 2014/11/28 3:0 p.m. | 66 views

CVE-2014-8799

WordPress DukaPress plugin vulnerability CVE-2014-8799: in versions before 2.5.4, the dp_img_resize function in php/dp-functions.php (triggered via lib/dp_image.php) allows directory traversal by supplying a .. in the src parameter, enabling reading arbitrary files. Affected: DukaPress

CVSS 5 | AI score 9.1 | EPSS 0.91126
Exploits: 6 | References: 5 | Affected Software: 1