4936 matches found

OSV
added 2025/01/20 7:35 a.m. · 4 views

BIT-WORDPRESS-MULTISITE-2024-12028

The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...

CVSS 5.3 · AI score 5.6 · EPSS 0.00466
Exploits: 0 · References: 2

NVD
added 2025/01/20 3:15 a.m. · 9 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · EPSS 0.00148
Exploits: 0 · References: 4

NVD
added 2025/01/20 3:15 a.m. · 9 views

CVE-2025-0579

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · EPSS 0.00096
Exploits: 0 · References: 4

Cvelist
added 2025/01/20 2:31 a.m. · 27 views

CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · EPSS 0.00148
Exploits: 0 · References: 4

Vulnrichment
added 2025/01/20 2:31 a.m. · 9 views

CVE-2025-0580 Shiprocket Module REST API Module rest_api authorization

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi&action=getOrders of the component REST API Module. The manipulation of the argument contentHash...

CVSS 6.3 · AI score 5.5 · EPSS 0.00148
Exploits: 0 · References: 4

CVE
added 2025/01/20 2:31 a.m. · 94 views

CVE-2025-0580

CVE-2025-0580 affects Shiprocket Module 3 on OpenCart. The vulnerability resides in the REST API Module’s file path /index.php?route=extension/module/rest_api&action=getOrders, where manipulating the contentHash argument leads to incorrect authorization. It is described as remotely exploitable wi...

CVSS 6.3 · AI score 5.5 · EPSS 0.00148
Exploits: 0 · References: 4

Cvelist
added 2025/01/20 2:31 a.m. · 19 views

CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · EPSS 0.00096
Exploits: 0 · References: 4

Vulnrichment
added 2025/01/20 2:31 a.m. · 6 views

CVE-2025-0579 Shiprocket Module REST API Module restapi sql injection

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00096
Exploits: 0 · References: 4

CVE
added 2025/01/20 2:31 a.m. · 88 views

CVE-2025-0579

CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...

CVSS 7.5 · AI score 7.5 · EPSS 0.00096
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/19 12:0 a.m. · 5 views

PT-2025-3970 · Opencart +1 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Shiprocket Module 3/4 on OpenCart affected versions not specified Description: A critical issue has been found in the Shiprocket Module 3/4 on OpenCart, affecting an unknown functionality of the file...

CVSS 7.5 · AI score 7.8 · EPSS 0.00096
Exploits: 0 · References: 12

CVE
added 2025/01/17 12:0 a.m. · 99 views

CVE-2024-50967

DATAGerry (Becon DATAGerry) contains an Incorrect Access Control flaw in the /rest/rights/ REST API endpoint through version 2.2.0, enabling remote access without authentication and leading to unauthorized disclosure of sensitive information. The issue is consistently described across multiple so...

CVSS 6.5 · AI score 6.9 · EPSS 0.44387
In wild · Exploits: 0 · References: 3

Vulnrichment
added 2025/01/17 12:0 a.m. · 7 views

CVE-2024-50967

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...

AI score 6.4 · EPSS 0.44387
Exploits: 0 · References: 3

Cvelist
added 2025/01/17 12:0 a.m. · 13 views

CVE-2024-50967

The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information...

EPSS 0.44387
Exploits: 0 · References: 3

GithubExploit
added 2025/01/13 3:44 p.m. · 181 views

Exploit for CVE-2024-11972

Description Name : CVE-2024-11972 CVSSv3 Score : 9...

CVSS 9.8 · AI score 10 · EPSS 0.9188
Exploits: 5

GithubExploit
added 2025/01/11 6:22 p.m. · 227 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Vivektamrakar Wp_Rest_Api_Fns

CVE-2024-49328-exploit 🌟 Description: This script exploits...

CVSS 9.8 · AI score 7 · EPSS 0.41557
Exploits: 2

NVD
added 2025/01/09 7:15 p.m. · 13 views

CVE-2024-13258

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...

CVSS 9.8 · EPSS 0.00583
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/09 7:5 p.m. · 7 views

CVE-2024-13258 Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13...

AI score 9.6 · EPSS 0.00583
Exploits: 0 · References: 1

NVD
added 2025/01/08 11:15 a.m. · 16 views

CVE-2024-11423

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

CVSS 7.5 · EPSS 0.20735
Exploits: 0 · References: 3

Vulnrichment
added 2025/01/08 11:9 a.m. · 10 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

CVSS 7.5 · AI score 6.8 · EPSS 0.20735
Exploits: 0 · References: 3

CVE
added 2025/01/08 11:9 a.m. · 92 views

CVE-2024-11423

CVE-2024-11423 is exposed in the WordPress plugin “Ultimate Gift Cards for WooCommerce Pro” (Gift Cards for WooCommerce Pro). The root cause is a missing capability check on several REST API endpoints (notably /wp-json/gifting/recharge-giftcard), enabling unauthenticated attackers to modify data ...

CVSS 7.5 · AI score 7.4 · EPSS 0.20735
Exploits: 0 · References: 3