CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

EUVD-2026-36895

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

CVE-2026-49775

CVE-2026-49775 affects WordPress Welcart e-Commerce plugin versions

PT-2026-49345

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce versions prior to 2.11.29 Description Unauthenticated broken access control allows unauthorized users to bypass security restrictions. Recommendations Update to a version newer than 2.11.28...

CVE-2025-6577

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

CVE-2026-3320

Reflected Cross-Site Scripting XSS in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

CVE-2026-3953

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting XSS, Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383...

CVE-2026-2347

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...

WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Welcart e-Commerce versions = 2.11.28...

PT-2026-45898

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy E-Commerce System version 1.0 Description An SQL injection issue exists in the Administrative Control Panel component. The Login function within the /admin/admin class novo.php file is susceptible to remote attacks throu...

Smartshop 跨站请求伪造漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user profiles by tricking authenticated users into...

CVE-2026-2347 IDOR in Akıllı Ticaret's E-Commerce Pack

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001...

CVE-2026-2347

Summary : CVE-2026-2347 describes an authorization bypass in the Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website, caused by a user-controlled key. This leads to session hijacking on the affected site. Affected scope : E-Commerce Website before version 4.5.001. Impact as stated :...

CVE-2025-11024

The CVE-2025-11024 entry describes an SQL injection vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website prior to version 4.5.001. The issue is due to improper neutralization of special elements used in SQL commands, enabling a blind SQL injection. CVSS 3.1 base metr...

CVE-2025-11024 SQLi in Akıllı Ticaret's E-Commerce Pack

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

CVE-2025-11024 SQLi in Akıllı Ticaret's E-Commerce Pack

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

EUVD-2025-209838

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

Akıllı E-Commerce Website SQL注入漏洞

Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...