129 matches found
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43614
Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2023-43610
SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...
CVE-2023-43610
CVE-2023-43610 is a SQL injection vulnerability in Welcart e-Commerce (WordPress plugin) affecting versions 2.7–2.8.21. The issue exists in the Order Data Edit page, allowing a user with editor-level privileges or higher to perform unintended database operations. Red Hat and JVN entries corrobora...
WordPress Plugin Welcart e-Commerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-4948
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
PT-2023-31236 · WordPress · Woocommerce Clover Payment Gateway
Name of the Vulnerable Software and Affected Versions: WooCommerce CVR Payment Gateway plugin for WordPress versions up to 6.1.0 Description: The issue allows unauthorized modification of data due to a missing capability check on the refresh order cvr data AJAX action. This makes it possible for...
CVE-2023-35093
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin = 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more...
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000 , impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
Billing System Project SQL注入漏洞
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...
PT-2022-26793 · Unknown · Billing System Project
Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderId parameter at the "fetchOrderData.php" endpoint. Recommendations: For Billing System...
PT-2022-24565 · Maxon · Maxon Erp
Name of the Vulnerable Software and Affected Versions: Maxon ERP affected versions not specified Description: A critical vulnerability has been found in Maxon ERP, affecting the file /index.php/purchase order/browse data. The manipulation of the tb search argument leads to SQL injection. It is...
CVE-2022-43232
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /phpaction/fetchOrderData.php...
CVE-2022-36638
An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders...
WordPress Tipsacarrier plugin access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
WordPress plugin Tipsacarrier 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
CVE-2022-20680
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive dat...