325 matches found
SQL Injection
org.linlinjava, litemall-wx-api is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the list function of WxGoodsController within the Front-end WeChat API, which allows a remote attacker to perform SQL injection attacks by manipulating craft...
CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...
EUVD-2026-36679
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...
CVE-2026-6962
The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwccogproductcost' and 'algwccogproductprofit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization an...
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
WordPress Cost of Goods by PixelYourSite plugin <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Cost of Goods by PixelYourSite versions = 1.2.12...
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613 Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
EUVD-2026-31126
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613
CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...
WordPress plugin Cost of Goods by PixelYourSite 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-42198
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0cost of goods value' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the /wx/goods/list endpoint in the front-end WeChat API. An attacker can access, modify, or delete sensitive data by sending specially crafted input to the API endpoint. Remediation There is no fixed version for...
EUVD-2026-30716
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...
org.linlinjava:litemall-wx-api has an Injection issue
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in SQL injection. Remote...
CVE-2026-8771
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...
CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...