Abacre Retail Point of Sale security vulnerability

Abacre Retail Point of Sale is a new generation retail management software developed by the Canadian company Abacre. Version 14.0.0.396 of Abacre Retail Point of Sale contains a security vulnerability, which stems from a content-based blind SQL injection vulnerability in the order search function...

EUVD-2025-3209

Malicious code in bioql PyPI...

CVE-2025-27892

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression...

CVE-2025-27892

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression...

CVE-2025-23495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through = 1.1.0...

CVE-2025-23495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through = 1.1.0...

CVE-2025-23495 WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chetan Khandla WooCommerce Order Search woocommerce-order-searching allows Reflected XSS.This issue affects WooCommerce Order Search: from n/a through = 1.1.0...

CVE-2025-23495 WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0...

CVE-2025-23495

CVE-2025-23495 is a reflected Cross-Site Scripting vulnerability in the NotFound WooCommerce Order Search plugin for WordPress. The description indicates Improper Neutralization of Input During Web Page Generation, enabling reflected XSS. Affected range: WooCommerce Order Search plugins from n/a ...

WordPress plugin WooCommerce Order Search 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-4904 · WordPress · Woocommerce Order Search

Name of the Vulnerable Software and Affected Versions: WooCommerce Order Search versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker...

WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WooCommerce Order Search versions = 1.1.0...

CVE-2023-27568

SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchFormsearchText=...

CVE-2021-46661

MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression CTE...

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS. PoC:...