Lucene search
K

13 matches found

CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/25 6:0 a.m.25 views

CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin PeproDev Ultimate Invoice 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-27640

Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.4 views

CVE-2024-34717

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...

5.3CVSS6.8AI score0.00521EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1499

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00521EPSS
Exploits0References5
OSV
OSV
added 2024/05/24 7:31 a.m.38 views

BIT-PRESTASHOP-2024-34717 Anonymous PrestaShop customer can download other customers' invoices

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...

5.3CVSS5AI score0.00521EPSS
Exploits0References3
Veracode
Veracode
added 2024/05/15 6:29 a.m.17 views

Insecure Direct Object Reference (IDOR)

prestashop/prestashop is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access controls, which allows any invoice to be downloaded from the front-office in anonymous mode by supplying a random securekey parameter in the URL...

5.3CVSS6.9AI score0.00521EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/14 4:17 p.m.34 views

CVE-2024-34717

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...

5.3CVSS5.2AI score0.00521EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/14 3:47 p.m.20 views

CVE-2024-34717 Anonymous PrestaShop customer can download other customers' invoices

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...

5.3CVSS6.7AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 3:47 p.m.15 views

CVE-2024-34717 Anonymous PrestaShop customer can download other customers' invoices

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random securekey parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available...

5.3CVSS5.4AI score0.00521EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

PrestaShop 信息泄露漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. An information disclosure vulnerability exists in PrestaShop versions prior to 8.1.6, which stems from the...

5.3CVSS5.1AI score0.00521EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.5 views

PT-2024-26131 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop version 8.1.5 Description: PrestaShop is an open source e-commerce web application. The issue allows any invoice to be downloaded from the front-office in anonymous mode by supplying a random secure key parameter in the url...

5.3CVSS7.2AI score0.00521EPSS
Exploits0References13
Rows per page
Query Builder