Lucene search
K

119 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56048

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.36 views

CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39709

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56048

Summary: CVE-2026-56048 concerns the WordPress plugin “Payment Gateway Based Fees and Discounts for WooCommerce” (versions ≤ 3.0.0). The vulnerability is described as an unauthenticated insecure direct object reference (IDOR). The connected documents confirm the affected product and root cause (I...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52762

Name of the Vulnerable Software and Affected Versions Payment Gateway Based Fees and Discounts for WooCommerce versions prior to 3.0.1 Description An unauthenticated Insecure Direct Object Reference IDOR exists in the software. IDOR is a type of access control vulnerability that occurs when an...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/25 9:16 a.m.5 views

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...

6.5CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31234

Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through = 1.1.1...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/27 3:49 p.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the officia...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:37 p.m.6 views

Malicious code in @devx-commerce/plugin-discounts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74de4ea6b81994c916a9fecaea82b1fa9c5a8bf24ad75dc6c755122b821ec169 The package @devx-commerce/plugin-discounts was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.9AI score0.0036EPSS
Exploits1References1
CVE
CVE
added 2025/11/05 12:0 a.m.18 views

CVE-2025-60784

Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...

6.5CVSS6.5AI score0.0036EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/11/05 12:0 a.m.3 views

EUVD-2025-37929

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.4AI score0.0036EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17781

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-29927

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-28208

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24962

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00425EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8762

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2025/08/15 3:15 a.m.6 views

CVE-2025-6025

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS0.00425EPSS
Exploits0References4
CVE
CVE
added 2025/08/15 2:24 a.m.26 views

CVE-2025-6025

CVE-2025-6025 concerns the Order Tip for WooCommerce plugin (WordPress) with unauthenticated input validation failure on the data-tip attribute, affecting all versions up to 1.5.4. The issue enables callers to submit tip values (including negative amounts) that can yield unauthorized discounts, p...

7.5CVSS7AI score0.00425EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/15 2:24 a.m.10 views

CVE-2025-6025 Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the data-tip attribute, which makes it possible for unauthenticated attackers to apply an...

7.5CVSS0.00425EPSS
Exploits0References4
Rows per page
Query Builder