Lucene search
K

70 matches found

CVE
CVE
added 2026/07/01 6:0 a.m.16 views

CVE-2026-11568

The Product Configurator for WooCommerce WordPress plugin prior to 1.7.3 exposes protected product data via a public AJAX action without any authorization or post-status checks. Unauthenticated users can retrieve data for private and draft (non-public) products by supplying the product ID, bypass...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 8:33 p.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the store method of sub-form Livewire components used in the product editor. An attacker can modify product pricing, stock, SEO metadata, shipping dimensions, and attached media for any product by tampering with...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7727

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS7AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.22 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-47742

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 6:0 p.m.36 views

CVE-2026-47742 Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO...

6.5CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/23 6:30 p.m.9 views

EUVD-2018-21864

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/04 3:15 a.m.3 views

CVE-2026-7727 Shandong Hoteam Software PDM Product Data Management System DataService GetQueryMachineGridOnePageData sql injection

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 3:15 a.m.33 views

CVE-2026-7727

Technical details about CVE-2026-7727 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Hoteam Product Data Management System 注入漏洞

The Hoteam Product Data Management System is a product data management system developed by Hoteam Corporation. Versions of the Hoteam Product Data Management System 8.3.9 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the GetQueryMachineGridOnePageData...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/01 5:32 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the IGES and STEP file parsing process. An attacker can cause a denial of service or access unintended memory contents by submitting specially crafted IGES or STEP files that trigger out-of-bounds reads or infinit...

7.1CVSS5.8AI score0.00098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.17 views

PT-2026-36494

Name of the Vulnerable Software and Affected Versions Open CASCADE Technology OCCT version V8 0 0 rc5 Description Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read reading data outside the intended boundary of a...

5.5CVSS5.8AI score0.00098EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/04/16 9:51 a.m.6 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

7.5CVSS6AI score0.00489EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/16 6:31 a.m.5 views

EUVD-2026-23186

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS5.9AI score0.00489EPSS
Exploits0References8
NVD
NVD
added 2026/04/16 6:16 a.m.10 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS0.00489EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.12 views

PT-2026-33266

Name of the Vulnerable Software and Affected Versions Riaxe Product Customizer versions prior to 2.1.3 Description An issue exists in the Riaxe Product Customizer plugin for WordPress where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive informati...

7.5CVSS5.4AI score0.00489EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/04/09 9:38 p.m.5 views

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability

WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin = 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions = 1.1.5...

6.5CVSS5.9AI score0.00176EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/08 12:16 p.m.7 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

6.5CVSS0.00176EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 11:16 a.m.24 views

CVE-2026-1672 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification

The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the wooberedrawtablerow function. This makes it possibl...

6.5CVSS0.00176EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 11:16 a.m.10 views

CVE-2026-1672

The BEAR – Bulk Editor and Products Manager Professional for WordPress (Pluginus.Net) is affected by a Cross-Site Request Forgery in all versions up to 1.1.5. The root cause is missing nonce validation on the woobe_redraw_table_row() function, enabling unauthenticated attackers to modify WooComme...

6.5CVSS5.8AI score0.00176EPSS
Exploits0References4
Rows per page
Query Builder