Lucene search
K

2560 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57414

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...

6.5CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...

6.5CVSS0.00224EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday141 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS6.9AI score0.64603EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday36 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.4AI score0.48533EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday205 views

WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting

WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...

6.1CVSS6.4AI score0.01555EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago5 views

WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin ChatBot for eCommerce WoowBot versions = 4.6.1...

6.5CVSS6.1AI score0.00224EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 6:16 a.m.10 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 5:45 a.m.6 views

CVE-2026-14799

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/06 5:45 a.m.36 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 5:45 a.m.8 views

EUVD-2026-41810

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 5:45 a.m.12 views

CVE-2026-14799

CodeAstro Ecommerce Website 1.0 is affected by CVE-2026-14799 due to a SQL injection in /customer/my_account.php?my_wishlist when manipulating the delete_wishlist argument. The issue is exploitable remotely with a low-privilege, no-user-interaction path (network vector, low complexity; exploit ma...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 8:16 p.m.7 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 7:45 p.m.23 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:45 p.m.7 views

EUVD-2026-41777

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 p.m.8 views

CVE-2026-14767

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 7:45 p.m.13 views

CVE-2026-14767

CodeAstro Ecommerce Website 1.0 contains a SQL injection in the POST Parameter Handler within /ecommerce-website-php/customer/confirm.php (invoice_no). The vulnerability can be triggered remotely; the exploit has been released publicly. The CVSS-derived metrics in the sources indicate network att...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55819

Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References12
NVD
NVD
added 2026/07/04 6:16 p.m.10 views

CVE-2026-14639

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 6:16 p.m.14 views

CVE-2026-14637

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS0.00598EPSS
Exploits0References7
Rows per page
Query Builder