23 matches found

EUVD
added 6 hours ago, 4 views

EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 2

Cvelist
added 10 hours ago, 8 views

CVE-2026-9702 InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

Exploits: 0, References: 1

CVE
added 10 hours ago, 7 views

CVE-2026-9702

The CVE concerns the InPost PL WordPress plugin (before 1.9.1) failing to verify that a request to update the WooCommerce order parcel-locker destination originates from the legitimate buyer. This allows unauthenticated attackers to silently redirect the shipping destination of any pending or pro...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 1

EUVD
added 2026/06/16 9:31 a.m., 8 views

EUVD-2026-37059

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxpayfororder function in all versions up to, and including, 10.7.0. This is due to a missing order ownership or orderkey verification when...

6.5 CVSS, 5.3 AI score, 0.00267 EPSS
Exploits: 0, References: 6

CVE
added 2026/06/16 9:31 a.m., 34 views

CVE-2026-2381

The CVE concerns the WooCommerce Stripe Payment Gateway plugin for WordPress, affected in all versions up to 10.7.0. Root cause: missing capability check and missing order ownership/order_key verification in the wc_stripe_pay_for_order WC‑AJAX endpoint, with only a nonce validation. Impact: unaut...

6.5 CVSS, 5.3 AI score, 0.00267 EPSS
Exploits: 0, References: 6

EUVD
added 2026/04/15 12:31 a.m., 2 views

EUVD-2025-209461

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/14 10:16 p.m., 5 views

CVE-2025-15565

The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the redirect function in all versions up to, and including, 8.3.0. This makes it possible for unauthenticated attackers to mark pending WooCommerce orders as paid/completed...

5.3 CVSS, 0.00189 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/04/06 10:57 a.m., 2 views

CVE-2026-5558

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/05 12:30 p.m., 1 views

EUVD-2026-19063

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 6

NVD
added 2026/04/05 10:16 a.m., 4 views

CVE-2026-5558

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 0.00255 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/04/05 10:0 a.m., 24 views

CVE-2026-5558 PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 0.00255 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/04/05 10:0 a.m., 2 views

CVE-2026-5558

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2026/04/05 10:0 a.m., 0 views

CVE-2026-5558 PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 5

CVE
added 2026/04/05 10:0 a.m., 10 views

CVE-2026-5558

CVE-2026-5558 affects PHPGurukul Online Shopping Portal Project up to 2.1. The vulnerability is in an unknown function of /pending-orders.php (Parameter Handler). Manipulating the argument ID leads to SQL injection, enabling remote exploitation. The exploit has been published; CVSS indicates medi...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/05 12:0 a.m., 5 views

PHPGurukul Online Shopping Portal Project SQL injection vulnerability

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Versions of the PHPGurukul Online Shopping Portal Project 2.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ...

6.5 CVSS, 6.7 AI score, 0.00255 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/04/05 12:0 a.m., 4 views

PT-2026-30428

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5 CVSS, 6.3 AI score, 0.00255 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/03/30 12:0 a.m., 7 views

PT-2026-28427

Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions prior to 5.1.8. Description: The software contains an Insecure Direct Object Reference issue in the executePayment function. Missing validation on a user-controlled key allows unauthenticated...

7.5 CVSS, 6 AI score, 0.00269 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/15 7:23 a.m., 12 views

CVE-2025-15475

The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the checkpayhereresponse function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...

5.3 CVSS, 6 AI score, 0.00225 EPSS
Exploits: 0, References: 1

NVD
added 2026/01/14 7:16 a.m., 5 views

CVE-2025-15475

The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the checkpayhereresponse function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to...

5.3 CVSS, 0.00225 EPSS
Exploits: 0, References: 3

CVE
added 2026/01/14 6:40 a.m., 19 views

CVE-2025-15475

CVE-2025-15475 affects the PayHere Payment Gateway Plugin for WooCommerce (WordPress). The issue arises from improper validation in the check_payhere_response function, allowing unauthenticated attackers to modify data and change the status of pending WooCommerce orders to paid/completed/on hold ...

5.3 CVSS, 5.6 AI score, 0.00225 EPSS
Exploits: 0, References: 3