Lucene search
K

1149 matches found

Nuclei
Nuclei
added yesterday84 views

Multiple Shipping Address Woocommerce < 2.0 - SQL Injection

The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly sanitize and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections. id: CVE-2022-0783 info: name: Multiple...

9.8CVSS7.1AI score0.07866EPSS
Exploits2References2
NVD
NVD
added 6 days ago8 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42565

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-9235

The DHL eCommerce (Benelux) for WooCommerce WordPress plugin (up to version 2.2.3) is vulnerable to unauthorized modification and data loss due to missing capability checks and missing nonce verification in create_label() and delete_label(). These functions are tied to wp_ajax_dhlpwc_label_create...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42558

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-9240 Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX action

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS0.00196EPSS
Exploits0References5
CVE
CVE
added 6 days ago13 views

CVE-2026-9240

The Colissimo Officiel: Méthodes de livraison pour WooCommerce plugin for WordPress is affected by a missing authorization check in updateShippingMethod(), registered to the wp_ajax_lpc_order_affect AJAX action, for versions up to 2.9.0. The handler does not perform current_user_can() checks or n...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS6AI score0.00196EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:33 a.m.14 views

CVE-2026-57760

CVE-2026-57760 affects the WordPress Sendcloud Shipping plugin

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:33 a.m.9 views

CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:33 a.m.36 views

CVE-2026-57760 WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...

5.3CVSS0.00184EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:18 a.m.7 views

WordPress Sendcloud Shipping plugin <= 1.0.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions = 1.0.31...

5.3CVSS5.9AI score0.00184EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55057

Name of the Vulnerable Software and Affected Versions Sendcloud Shipping versions prior to 1.0.30 Description Missing authorization allows for the exploitation of incorrectly configured access control security levels. Recommendations Update Sendcloud Shipping to version 1.0.30 or later...

5.3CVSS5.9AI score0.00184EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 9:31 a.m.5 views

EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9709

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:0 a.m.10 views

EUVD-2026-38696

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:0 a.m.38 views

CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:0 a.m.6 views

CVE-2026-9709

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

5.8AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 4:16 a.m.15 views

CVE-2026-10023

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS0.0025EPSS
Exploits0References10
Rows per page
Query Builder