Lucene search
K

784 matches found

Nuclei
Nuclei
added 12 hours ago129 views

WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection

In the latest version 2.8.2 as of writing the article and below, the plugin is vulnerable to a SQL injection vulnerability that allows any users to execute arbitrary SQL queries in the database of the WordPress site. No privileges are required to exploit the issue. The vulnerability is unpatched ...

9.8CVSS7.3AI score0.21769EPSS
Exploits3References3
Nuclei
Nuclei
added 12 hours ago96 views

TI WooCommerce Wishlist <= 2.9.2 - Arbitrary File Upload

TemplateInvaders TI WooCommerce Wishlist = 2.10.0 contains an unrestricted file upload vulnerability caused by lack of proper file type validation, letting attackers upload web shells to the server, exploit requires no special privileges. id: CVE-2025-47577 info: name: TI WooCommerce Wishlist =...

10CVSS7.1AI score0.05128EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday124 views

WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection

WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the itemid parameter before using it in a SQL statement via the wishlist/removeproduct REST endpoint. id: CVE-2022-0412 info: name: WordPress TI WooCommerce...

9.8CVSS7.1AI score0.73998EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 5:45 a.m.6 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/06 5:45 a.m.36 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 5:45 a.m.8 views

EUVD-2026-41810

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 5:45 a.m.13 views

CVE-2026-14799

CodeAstro Ecommerce Website 1.0 is affected by CVE-2026-14799 due to a SQL injection in /customer/my_account.php?my_wishlist when manipulating the delete_wishlist argument. The issue is exploitable remotely with a low-privilege, no-user-interaction path (network vector, low complexity; exploit ma...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57356

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.32 views

CVE-2026-57356 WordPress MC Woocommerce Wishlist plugin <= 1.9.19 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57356

CVE-2026-57356 is an unauthenticated Cross Site Scripting (XSS) vulnerability affecting the WordPress MC Woocommerce Wishlist plugin version ≤ 1.9.19. The issue, identified in the CVE record, does not specify exploitation status or a confirmed fix within the provided documents. The CVSS base scor...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41355

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.9 views

CVE-2026-57356

Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.7 views

CVE-2026-54849

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39373

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.32 views

CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.24 views

CVE-2026-54849

CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions &lt;= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:16 p.m.23 views

CVE-2019-25757

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS0.00221EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50993

Name of the Vulnerable Software and Affected Versions Joomla vWishlist version 1.0.1 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the component using crafted payloads in the...

7.1CVSS6.1AI score0.00221EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/18 2:29 p.m.6 views

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin Premmerce Wishlist for WooCommerce versions = 1.1.11...

9.3CVSS6AI score0.00229EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37667

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References2
Rows per page
Query Builder