18 matches found
CVE-2025-65215
Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting XSS in /productexpiry/add-supplier.php via the Supplier Name field...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
EUVD-2025-44060
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63712
SourceCodester Product Expiry Management System’s User Management module (delete-user.php) is affected by a CSRF vulnerability. The endpoint authenticates via session cookies only and lacks CSRF protection, enabling remote attackers to delete arbitrary user accounts through forged cross-origin GE...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
SourceCodester Product Expiry Management System 安全漏洞
SourceCodester Product Expiry Management System is an open source product expiration management system from SourceCodester. A security vulnerability exists in SourceCodester Product Expiry Management System, which stems from the user management module delete-user.php relying on session cookies an...
EUVD-2023-56852
Malicious code in bioql PyPI...
CVE-2023-52179
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5...
CVE-2023-52179
The CVE-2023-52179 entry concerns the WordPress Product Expiry for WooCommerce plugin (
CVE-2023-52179 WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5...
WordPress plugin Product Expiry for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-0201
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
CVE-2024-0201
CVE-2024-0201 affects Product Expiry for WooCommerce (WordPress). Root cause: missing capability check in the plugin’s save_settings function, allowing authenticated users with subscriber-level permissions or higher to modify settings in versions up to 2.5. Remediate by upgrading to 2.6 (patched)...
CVE-2024-0201 Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
WordPress Plugin Product Expiry for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...