11 matches found
CVE-2025-12529 Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...
CVE-2025-12529 Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...
EUVD-2009-4091
Malware in sbrugna...
CVE-2024-10853
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-10853
CVE-2024-10853 applies to Buy one click WooCommerce for WordPress (versions
Logic flaw vulnerability in jspgou (CNVD-2021-42036)
Jiangxi Jinlei Technology Development Co., Ltd. (referred to as Jinlei Technology) was founded in 2003 and is a high-tech enterprise focused on the research and development of Java web application software. jspgou has a logic flaw vulnerability; an attacker can use the vulnerability t...
Logic flaw vulnerability in jspgou
Jiangxi Jinlei Technology Development Co., Ltd. (referred to as Jinlei Technology) was founded in 2003 and is a high-tech enterprise focused on the research and development of Java web application software. jspgou has a logic flaw vulnerability; an attacker can use the vulnerability t...
Extreme CMS has a logic flaw vulnerability
Extreme CMS is a free, open source PHPCMS web content management system. Extreme CMS has a logic flaw vulnerability that attackers can exploit to exceed their privileges and view or delete other people's orders...
CVE-2009-4120
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors...
CVE-2009-4120
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors...