WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WC Place Order Without Payment versions = 2.6.5...

CVE-2026-1599

Bdtask Bhojon All-In-One Restaurant Management System (up to 20260116) is affected by CVE-2026-1599 in the Checkout/placeorder flow. The vulnerability involves an unknown function in /hungry/placeorder where manipulating arguments such as orggrandTotal, vat, service_charge, or grandtotal can trig...

EUVD-2025-7720

Malicious code in bioql PyPI...

CVE-2024-8558

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of...

CVE-2025-26933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through =...

CVE-2025-26933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through =...

CVE-2025-26933

CVE-2025-26933 describes a Local File Inclusion in the WordPress plugin “WC Place Order Without Payment” (WooCommerce). Affected: WC Place Order Without Payment

WordPress plugin WC Place Order Without Payment 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-8558

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of...

PT-2024-39095 · Unknown · Sourcecodester Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Food Ordering Management System. This issue affects the Price Handler component, specifically the file...

Food Ordering Management System 安全漏洞

Food Ordering Management System is a food ordering management system by the individual developer Carlo Montero. It provides an online platform to order food from a restaurant or fast food chain. A security vulnerability exists in Food Ordering Management System version 1.0, which stems from the...

WordPress WC Place Order Without Payment Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software WC Place Order Without Payment Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 20778007dca1 Credits Rafie Muhammad...

CVE-2022-43046

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /foms/place-order.php...

PT-2022-26728 · Unknown · Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: Food Ordering Management System version 1.0 Description: The issue is related to a cross-site scripting XSS vulnerability found in the /foms/place-order.php component. This type of vulnerability allows attackers to inject malicious scripts in...

WordPress WC Place Order Without Payment plugin <= 2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WC Place Order Without Payment plugin versions = 2.1. Solution Update the WordPress WC Place Order Without Payment plugin to the latest available version at least 2.2...

WordPress WC Place Order Without Payment plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WC Place Order Without Payment plugin versions = 2.1. Solution Update the WordPress WC Place Order Without Payment plugin to the latest available version at least 2.2...

ShopsN v3.0 SQL Injection Vulnerability in Frontend SpecialBusinessController.class.php File

ShopsN is a free e-commerce open source system. ShopsN v3.0 beta3 version SpecialBusinessController.class.php file contains a SQL injection vulnerability due to the system fails to effectively filter the placeorder function. A remote attacker can exploit the vulnerability to obtain sensitive...