6546 matches found
CVE-2026-56043 WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...
EUVD-2026-39704
Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...
CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...
WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions = 5.110.1...
MINI-CRM2-7FW5-VH9P
Bulletin has no description...
CVE-2026-9612
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
CVE-2026-9612
The CVE-2026-9612 entry concerns the WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress. Affects versions up to 1.0.1 and is caused by the yapacdev_generate_order_pdf function, which exposes sensitive customer PII and order details. Attack flow: an unauthenticated user can enumera...
EUVD-2026-38686
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
PT-2026-51696
Name of the Vulnerable Software and Affected Versions WhatsOrder – Instant Checkout for WooCommerce versions prior to 1.0.2 Description The plugin is susceptible to sensitive information exposure through the yapacdev generate order pdf function. Unauthenticated attackers can extract personally...
MINI-CRM5-RG22-CP7V
Bulletin has no description...
EUVD-2023-60592
Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...
WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...
Dynamics 365 Customer Voice Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-12111 Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
CVE-2026-12111
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
EUVD-2026-37864
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...
KLA91116 SUI vulnerability in Microsoft Dynamics
A spoofing vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2026-47646 Exploitation CVE list CVE-2026-47646 high KB list Solution Install necessary updates from the KB section, that are listed in your...
CVE-2026-46888
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Database Upgrade. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Deployment executes to...
CVE-2026-49780
Customer Privilege Escalation in Dokan = 5.0.2 versions...
CVE-2026-49082
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...