2 matches found
CVE-2026-2506
The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customername' data and rendering it in the admin customer list without output escaping. This makes it possible f...
CVE-2021-46448
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID...