72 matches found
CVE-2026-39662
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
EUVD-2026-20332
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
CVE-2026-39662
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
CVE-2026-39662
The connected sources confirm CVE-2026-39662 relates to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin “Product Price by Formula for WooCommerce” (ProWCPlugins). Affected product: Product Price by Formula for WooCommerce; vulnerable component: the plugin’s a...
CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...
WordPress plugin Product Price by Formula for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2026-10923
Sylius has a DQL Injection via API Order Filters...
CVE-2026-31825
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
CVE-2026-31825
Sylius (Open Source eCommerce framework on Symfony) has a vulnerability in API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter, where user-supplied order direction values are passed directly to Doctrine’s orderBy() without validation. This allows injection of arbitrary DQL...
CVE-2026-31825 Sylius has a DQL Injection via API Order Filters
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
CVE-2026-31825 Sylius has a DQL Injection via API Order Filters
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
CVE-2026-31825
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
CVE-2026-31825 Sylius has a DQL Injection via API Order Filters
Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...
PT-2026-24479
Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 1.11.17 Sylius versions 1.12.23 through 1.13.15 Sylius versions 1.14.18 through 2.0.16 Sylius versions 2.1.12 through 2.2.3 Description Sylius is an Open Source eCommerce Framework on Symfony. The...
CVE-2024-2151
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...
CVE-2025-12115
CVE-2025-12115 affects the WordPress plugin “WPC Name Your Price for WooCommerce” (versions up to and including 2.1.9). The root cause is that the plugin does not disable the ability to enter a custom price for a product when it has been disabled, allowing unauthenticated actors to purchase at lo...
EUVD-2021-34206
Malicious code in bioql PyPI...
EUVD-2024-52559
Malicious code in bioql PyPI...
EUVD-2022-4793
Malicious code in bioql PyPI...