3 matches found
CVE-2026-32459
The CVE describes an SQL Injection vulnerability (blind) in the WordPress UpsellWP plugin (checkout-upsell-and-order-bumps) affecting versions up to 2.2.4. Root cause: improper neutralization of special elements used in SQL commands. Impact stated as Blind SQL Injection, but no exploitation detai...
CVE-2026-25419 WordPress UpsellWP plugin <= 2.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through = 2.2.5...
WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin UpsellWP versions = 2.2.3...