
18 matches found

NVD
added 2025/12/02 6:15 p.m., 3 views

CVE-2025-65215

Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) in /productexpiry/add-supplier.php via the Supplier Name field...

CVSS 6.1, EPSS 0.00192
Exploits: 1, References: 2
RedhatCVE
added 2025/11/11 12:11 a.m., 4 views

CVE-2025-63712

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

CVSS 8.8, AI score 7.2, EPSS 0.00186
Exploits: 1, References: 1
EUVD
added 2025/11/10 3:31 p.m., 5 views

EUVD-2025-44060

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

AI score 6.6, EPSS 0.00186
Exploits: 1, References: 3
NVD
added 2025/11/10 3:15 p.m., 4 views

CVE-2025-63712

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

CVSS 8.8, EPSS 0.00186
Exploits: 1, References: 2
OSV
added 2025/11/10 3:15 p.m., 4 views

CVE-2025-63712

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

CVSS 8.8, AI score 6, EPSS 0.00186
Exploits: 1, References: 2
CVE
added 2025/11/10 12:0 a.m., 11 views

CVE-2025-63712

SourceCodester Product Expiry Management System’s User Management module (delete-user.php) is affected by a CSRF vulnerability. The endpoint authenticates via session cookies only and lacks CSRF protection, enabling remote attackers to delete arbitrary user accounts through forged cross-origin GE...

CVSS 8.8, AI score 6.7, EPSS 0.00186
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2025/11/10 12:0 a.m., 3 views

CVE-2025-63712

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

AI score 6.7, EPSS 0.00186
Exploits: 1, References: 2
Cvelist
added 2025/11/10 12:0 a.m., 9 views

CVE-2025-63712

Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

EPSS 0.00186
Exploits: 1, References: 2
CNNVD
added 2025/11/10 12:0 a.m., 5 views

SourceCodester Product Expiry Management System security vulnerability

SourceCodester Product Expiry Management System is an open source product expiration management system from SourceCodester. A security vulnerability exists in SourceCodester Product Expiry Management System, which stems from the user management module delete-user.php relying on session cookies an...

CVSS 8.8, AI score 6.7, EPSS 0.00186
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-56852

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.6, EPSS 0.003
Exploits: 0, References: 1
NVD
added 2024/06/11 11:15 a.m., 22 views

CVE-2023-52179

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce. This issue affects Product Expiry for WooCommerce: from n/a through 2.5...

CVSS 5.4, EPSS 0.003
Exploits: 0, References: 1
CVE
added 2024/06/11 10:40 a.m., 56 views

CVE-2023-52179

The CVE-2023-52179 entry concerns the WordPress Product Expiry for WooCommerce plugin (

CVSS 5.4, AI score 5.5, EPSS 0.003
Exploits: 0, References: 1
Vulnrichment
added 2024/06/11 10:40 a.m., 15 views

CVE-2023-52179 WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce. This issue affects Product Expiry for WooCommerce: from n/a through 2.5...

CVSS 5.4, AI score 7, EPSS 0.003
Exploits: 0, References: 1
CNNVD
added 2024/06/11 12:0 a.m., 5 views

WordPress plugin Product Expiry for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4, AI score 6.9, EPSS 0.003
Exploits: 0, References: 3
OSV
added 2024/01/03 10:15 a.m., 4 views

CVE-2024-0201

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...

CVSS 4.3, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 3
CVE
added 2024/01/03 9:31 a.m., 56 views

CVE-2024-0201

CVE-2024-0201 affects Product Expiry for WooCommerce (WordPress). Root cause: missing capability check in the plugin’s save_settings function, allowing authenticated users with subscriber-level permissions or higher to modify settings in versions up to 2.5. Remediate by upgrading to 2.6 (patched)...

CVSS 5.4, AI score 6.6, EPSS 0.00392
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2024/01/03 9:31 a.m., 24 views

CVE-2024-0201 Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...

CVSS 5.4, AI score 5.5, EPSS 0.00392
Exploits: 0, References: 3
CNNVD
added 2024/01/03 12:0 a.m., 4 views

WordPress Plugin Product Expiry for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4, AI score 6.5, EPSS 0.00392
Exploits: 0, References: 4