31 matches found
gitoxide link following vulnerability
GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.21.1 had a link-following vulnerability. This vulnerability stemmed from defects in the handling of symbolic link entries during the checkout process, which could allow attackers to create malicious tre...
CVE-2026-3445
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...
EUVD-2026-18997
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...
CVE-2026-3309
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...
EUVD-2026-11073
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...
Sylius cross-site scripting vulnerability
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...
PT-2025-54390
Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0...
EUVD-2021-22663
Malware in sbrugna...
Shopware 6.6.10.4 Race Condition
A race condition exists within the voucher system of the Shopware Core. Successful exploitation of this vulnerability allows an attacker to bypass voucher usage limits during the checkout process. This vulnerability exists due to the fact that validation of voucher codes is not an atomic operatio...
Race Condition
Overview: shopware/shopware is an open source e-commerce software made in Germany. Affected versions of this package are vulnerable to Race Condition due to the checkout process. An attacker can bypass intended restrictions and redeem vouchers beyond their allowed usage by exploiting timing...
Adobe Commerce/Magento Open Source Input validation Vulnerability (APSB22-12)
The version of Adobe Commerce/Magento Open Source installed on the remote host is prior to a patched version. It is, therefore, affected by an arbitrary code execution vulnerability as referenced in the APSB22-12 advisory. - Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by a...
PT-2024-23455 · WordPress · Wp Express Checkout
Name of the Vulnerable Software and Affected Versions: WP Express Checkout Accept PayPal Payments versions through 2.3.7. Description: The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to manipulate the checkou...
BIT-MAGENTO-2022-24086
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
Magento allows attackers to alter the price of items
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...
GHSA-F8FV-F786-9933 Magento improper input validation vulnerability
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
Magento improper input validation vulnerability
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
Input validation
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. Recent assessments: Assessed...
WordPress plugin Credova_Financial security vulnerability
WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin CredovaFinancial 1.4.8 and earlier versions, which stems from the plugin exposing the username and password of the website's associated Credova API account in plaintext via...