8 matches found
CVE-2026-12393 WPS Bookings for WooCommerce < 3.11.7 - Subscriber+ Arbitrary Booking Order Cancellation via IDOR
The WPS Bookings for WooCommerce WordPress plugin before 3.11.7 does not verify that a booking order belongs to the requesting user before cancelling it, allowing any authenticated user, such as a Subscriber or Customer, to cancel and void other customers' booking orders...
EUVD-2026-41260
The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2.7.6 via the appointmentkey parameter due to the appointment editkey — the sole authorization token consumed by tryCance...
EUVD-2026-39946
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user Subscriber+ to cancel other...
mall-swarm 授权问题漏洞
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...
Decisionmaking in the DAO is to slow which results in the DAO not been able to use the CANCELLER_ROLE properly
Lines of code Vulnerability details Impact The time that takes the DAO to vote on a proposal is to long for the DAO to be a proper address to cancel scheduled operations. That is why no scheduled operation will ever be cancelled and potentially malicious operations from security exploits will be...
OESA-2023-1777 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...
Susceptible to reorg attack
Lines of code Vulnerability details Impact When reorg happens, it is possible that the cancelled order by the taker be executed by the maker. Proof of Concept Suppose userA is seller and userB is buyer, seller is maker, and buyer is taker. After some time, userB the buyer cancels the order by...