2560 matches found
CVE-2026-57414
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...
CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...
SMTP WP Plugin Directory Listing
The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...
CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin ChatBot for eCommerce WoowBot versions = 4.6.1...
CVE-2026-14799
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
CVE-2026-14799
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
EUVD-2026-41810
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...
CVE-2026-14799
CodeAstro Ecommerce Website 1.0 is affected by CVE-2026-14799 due to a SQL injection in /customer/my_account.php?my_wishlist when manipulating the delete_wishlist argument. The issue is exploitable remotely with a low-privilege, no-user-interaction path (network vector, low complexity; exploit ma...
CVE-2026-14767
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
EUVD-2026-41777
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
CVE-2026-14767
A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...
CVE-2026-14767
CodeAstro Ecommerce Website 1.0 contains a SQL injection in the POST Parameter Handler within /ecommerce-website-php/customer/confirm.php (invoice_no). The vulnerability can be triggered remotely; the exploit has been released publicly. The CVSS-derived metrics in the sources indicate network att...
PT-2026-55819
Name of the Vulnerable Software and Affected Versions CodeAstro Ecommerce Website version 1.0 Description An SQL injection flaw exists in the POST Parameter Handler component within the file /ecommerce-website-php/customer/confirm.php. A remote attacker can exploit this by manipulating the invoic...
CVE-2026-14639
A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/myaccount.php?editaccount. Such manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-14637
A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...