12 matches found
PT-2026-2214
Name of the Vulnerable Software and Affected Versions: Spree versions prior to 4.10.2; Spree versions prior to 5.0.7; Spree versions prior to 5.1.9; Spree versions prior to 5.2.5. Description: Spree is an open source e-commerce solution built with Ruby on Rails. An Authenticated Insecure Direct Object...
CVE-2026-21448 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the add address step they can inject a value to run in admin view. The issue can lead to remote code execution. Version...
CVE-2026-21448
Bagisto (Webkul Bagisto) is an open-source Laravel e-commerce platform. CVE-2026-21448 affects versions prior to 2.3.10 and is caused by a server-side template injection in the add-address step during checkout, which can lead to remote code execution. A patch is available in version 2.3.10. Some ...
CVE-2023-34184
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions...
CVE-2023-34184
CVE-2023-34184 – Unauthenticated reflected Cross-Site Scripting in Bhavik Patel Woocommerce Order address Print plugin ≤ 3.2. Affected product: WordPress plugin; vulnerability type: reflected XSS. Impact and CVSS: sources report base scores around 6.1 (NVD) and 7.1 (PatchStack CNA), both indicati...
WordPress plugin woocommerce-order-address-print cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Woocommerce Order address Print; Type: Plugin; Vulnerable versions: <= 3.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34184; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 730bec70380b; Credits: Nguye...
Improper Input Validation
Overview: solidus_frontend is a cart and storefront for the Solidus e-commerce project. Affected versions of this package are vulnerable to Improper Input Validation. It allows a malicious customer to craft request data with parameters that allow changing the address of the current order without...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. It allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with a...
CVE-2020-15109
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the...