6 matches found
CVE-2026-3231 Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce Block Checkout Store API in all versions up to, and including, 2.1.7. This is due to the...
CVE-2025-56426
An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint; specifically, the price calculation logic fails to validate quantity inputs properly...
PT-2025-41401
Name of the Vulnerable Software and Affected Versions: WebKul Bagisto version 2.3.6. Description: A flaw exists that enables remote code execution through the Cart/Checkout API endpoint. The price calculation logic does not properly validate the quantity of items, allowing for potential code...
CVE-2025-56426
Summary: CVE-2025-56426 affects WebKul Bagisto v2.3.6. The issue resides in the Cart/Checkout API’s price calculation logic, where quantity inputs are not properly validated, enabling remote code execution. All sources consistently describe a vulnerability that could be exploited via the Cart/Che...
Malicious code in tebex_checkout_api (npm)
Affirm: IDOR to view order information of users and personal information
Summary: Broken access control is the method of controlling which users can perform a certain type of action or view a set of data. Broken access control is a vulnerability that allows an attacker to circumvent those controls and perform more actions than they are allowed to, or view content they...