4 matches found
WordPress plugin Live sales notification for WooCommerce security vulnerability
WordPress Live sales notification for WooCommerce plugin is a real-time sales notification tool designed for the WooCommerce e-commerce platform. It displays recent purchases through pop-ups and uses social proof to boost user trust and conversion rates. The WordPress Live sales notification...
Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customers' data. PoC: Make a booking to get a customer account. Log in via API and get access token: curl...
PT-2018-10991 · Avanti Markets · Marketcard
Name of the Vulnerable Software and Affected Versions: Avanti Markets MarketCard (affected versions not specified). Description: A vulnerability exists due to the lack of proper validation of the UPC bar code on the MarketCard. This could allow an unauthenticated, local attacker to access funds with...
Code injection
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...