263 matches found
CVE-2026-49110
The CVE-2026-49110 entry concerns the WordPress plugin Upsell Order Bump Offer for WooCommerce, affected in versions <= 3.1.4. It describes an Unauthenticated Broken Authentication vulnerability enabling price manipulation in Upsell Order Bump offers. CVSSv3.1 metrics indicate Network attack v...
CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability
Price Manipulation vulnerability discovered by Jakub Herman in WordPress Plugin Upsell Order Bump Offer for WooCommerce versions = 3.1.4...
EUVD-2025-209816
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress (
CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
PT-2026-40557
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb woocommerce payment AJA...
WordPress Cost Calculator Builder plugin <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability
Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions = 4.0.1...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package WordPress plugin (versions up to and including 1.7.06) is vulnerable to unauthenticated price manipulation via the amount parameter in PaymentIntent creation. The root cause is that user-controlled $_POST['amount'] is sent to Stripe without validation, and the server-calculate...
EUVD-2026-26006
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
WordPress plugin Booking Package 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-35680
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $ POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function...