
29 matches found

RedhatCVE
added 2026/04/01 5:0 a.m., 1 view

CVE-2026-5157

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3, AI score 4.3, EPSS 0.00013
Exploits: 0, References: 1

Cvelist
added 2026/03/30 11:30 p.m., 23 views

CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3, EPSS 0.00013
Exploits: 0, References: 5

Vulnrichment
added 2026/03/30 11:30 p.m., 0 views

CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...

CVSS 5.3, AI score 4.3, EPSS 0.00013
Exploits: 0, References: 5

NVD
added 2026/01/31 2:16 p.m., 2 views

CVE-2025-14554

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderformdata' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, EPSS 0.00083
Exploits: 0, References: 6

CVE
added 2026/01/31 1:24 p.m., 15 views

CVE-2025-14554

CVE-2025-14554 affects the WordPress plugin “Sell BTC – Cryptocurrency Selling Calculator.” The vulnerability is a Stored Cross-Site Scripting (XSS) flaw via the AJAX action ‘orderform_data’ in versions up to and including 1.5, caused by insufficient input sanitization and output escaping. This a...

CVSS 7.2, AI score 6, EPSS 0.00083
Exploits: 0, References: 6

NVD
added 2026/01/07 12:16 p.m., 3 views

CVE-2025-13531

The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'productname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00059
Exploits: 0, References: 5

Patchstack
added 2026/01/07 11:18 a.m., 5 views

WordPress Stylish Order Form Builder plugin <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'productname' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Stylish Order Form Builder versions <= 1.0...

CVSS 6.4, AI score 5.6, EPSS 0.00059
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/01/07 8:21 a.m., 22 views

CVE-2025-13531 Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter

The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'productname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, EPSS 0.00059
Exploits: 0, References: 5

Vulnrichment
added 2026/01/07 8:21 a.m., 3 views

CVE-2025-13531 Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter

The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'productname' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 4.7, EPSS 0.00059
Exploits: 0, References: 5

CVE
added 2026/01/07 8:21 a.m., 11 views

CVE-2025-13531

CVE-2025-13531 affects the Stylish Order Form Builder WordPress plugin. It is a Stored Cross-Site Scripting (XSS) vulnerability through the product_name parameter in all versions up to 1.0, caused by insufficient input sanitization and output escaping. An authenticated attacker with Subsc...

CVSS 6.4, AI score 4.7, EPSS 0.00059
Exploits: 0, References: 5

CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Stylish Order Form Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-1999-0588

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.0061
Exploits: 0, References: 2

OSV
added 2024/01/08 10:15 p.m., 1 view

CVE-2022-34344

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2024/01/08 9:13 p.m., 10 views

CVE-2022-34344 WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

CVSS 5.4, AI score 8.9, EPSS 0.00209
Exploits: 0, References: 1

NVD
added 2023/06/22 3:15 p.m., 19 views

CVE-2023-34170

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions...

CVSS 5.9, AI score 5.4, EPSS 0.0008
Exploits: 0, References: 1

OSV
added 2023/06/22 3:15 p.m., 1 view

CVE-2023-34170

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions...

CVSS 4.8, AI score 7.3
Exploits: 0, References: 1

CVE
added 2023/06/22 2:26 p.m., 36 views

CVE-2023-34170

CVE-2023-34170: Stored XSS in the WordPress plugin “WP Overnight Quick/Bulk Order Form for WooCommerce” (versions up to 3.5.7). Root cause: insufficient sanitization/escaping of input parameters, enabling authenticated users (admin+) to inject script that can be stored and later reflected to sit...

CVSS 5.9, AI score 5.1, EPSS 0.0008
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/06/22 12:0 a.m., 2 views

WordPress Plugin Quick/Bulk Order Form for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9, AI score 6.3, EPSS 0.0008
Exploits: 0, References: 2

OSV
added 2021/04/12 2:15 p.m., 2 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public-facing pages containing the...

CVSS 7.5, AI score 5.8, EPSS 0.25403
Exploits: 2, References: 1

CNNVD
added 2021/04/12 12:0 a.m., 2 views

WordPress plugin information disclosure vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the AccessAlly WordPress plugin prior to version...

CVSS 7.5, AI score 7.3, EPSS 0.25403
Exploits: 2, References: 2