Lucene search
+L

29 matches found

euvd
euvd
added 2026/07/01 9:32 a.m.8 views

EUVD-2026-40943

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/01 9:32 a.m.38 views

CVE-2026-13228 LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS0.00309EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.12 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS5.3AI score0.00295EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/03 5:35 p.m.12 views

CVE-2026-42840 ERPNext 16.16.0 - Stored XSS in POS customer section via unescaped template literals

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/03 12:0 a.m.16 views

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

5.1CVSS5.9AI score0.00243EPSS
Exploits0References6
osv
osv
added 2026/05/07 6:5 p.m.3 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS5.9AI score0.00171EPSS
Exploits0References4
cve
cve
added 2026/05/07 6:5 p.m.22 views

CVE-2026-41904

FreeScout (PHP/Laravel) prior to version 1.8.217 is affected by a Stored XSS in the mailbox auto-reply feature. A user with updateAutoReply permission can store an XSS payload in the auto-reply message, which is rendered unescaped in auto-reply emails sent to customers. As email clients do not en...

7.6CVSS5.7AI score0.00171EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/04 12:0 a.m.14 views

PT-2026-36874

Name of the Vulnerable Software and Affected Versions Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier Description A hardcoded authentication bypass exists in the QR code scanning functionality. Unauthenticated remote attackers can bypass hash verification by providing...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References6
githubexploit
githubexploit
added 2026/04/23 9:0 a.m.173 views

tecno_xss_hotfix

tecnoxsshotfix Security hotfix module for PrestaShop — patc...

5.8AI score
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-51654

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00468EPSS
Exploits0References4
cve
cve
added 2025/09/30 4:27 a.m.27 views

CVE-2025-7038

The vulnerability CVE-2025-7038 affects LatePoint for WordPress (up to v5.1.94). The issue is an Authentication Bypass in the steps__load_step path of the latepoint_route_call AJAX endpoint, where client-supplied customer email/fields are used before login verification or nonce checks. Unauthenti...

8.2CVSS5.5AI score0.00385EPSS
Exploits0References5
osv
osv
added 2025/02/15 9:15 a.m.5 views

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

6.5CVSS7.3AI score0.0043EPSS
Exploits0References3
nvd
nvd
added 2025/02/15 9:15 a.m.24 views

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

6.5CVSS0.0043EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/02/15 8:25 a.m.8 views

CVE-2024-13525 Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

6.5CVSS6.5AI score0.0043EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/02/15 12:0 a.m.6 views

WordPress plugin Customer Email Verification for WooCommerce 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

6.5CVSS8AI score0.0043EPSS
Exploits0References4
osv
osv
added 2025/02/12 10:15 a.m.4 views

CVE-2024-13528

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for...

7.5CVSS7.2AI score0.00468EPSS
Exploits0References3
cvelist
cvelist
added 2024/10/17 5:25 p.m.32 views

CVE-2024-49305 WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through = 2.8.10...

9.3CVSS0.00403EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/30 8:32 a.m.43 views

CVE-2024-4185 Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the...

8.1CVSS8.4AI score0.0085EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/04/30 12:0 a.m.4 views

PT-2024-29596 · WordPress · Customer Email Verification For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress versions up to 2.7.4 Description: The issue concerns the Customer Email Verification for WooCommerce plugin for WordPress, which is vulnerable to email verification and...

8.1CVSS7.2AI score0.0085EPSS
Exploits0References10
cnnvd
cnnvd
added 2024/04/30 12:0 a.m.8 views

WordPress plugin Customer Email Verification for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

8.1CVSS7.2AI score0.0085EPSS
Exploits0References5
Rows per page
Query Builder