9 matches found
CVE-2026-1381
The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-30152
CVE-2025-30152: The Sylius PayPal Plugin (for PayPal Commerce) has an order manipulation vulnerability after PayPal Checkout. Before versions 1.6.2, 1.7.2, and 2.0.2, a user can return to the order summary page and modify the cart contents, potentially causing the merchant to receive less paymen...
CVE-2021-26631
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order...
Input validation
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order...
CVE-2021-26631 Mangboard parameter modulation vulnerability
Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order...
CVE-2021-26631
The CVE-2021-26631 entry concerns Mangboard commerce package: an improper input validation vulnerability that allows a remote attacker to manipulate an order’s total amount to a negative value and complete payment. Public sources mention affected versions prior to 1.3.8 (CNNVD), with additional d...
Guangdong Agricultural Credit WeChat public number has a logic flaw vulnerability
Guangdong Agricultural Credit WeChat Public Number is the official WeChat public number of Guangdong Rural Credit Union Federation, which mainly publicizes the financial services and reform and development achievements of the provincial federation and the province's agricultural commercial banks...
Logic Flaw Vulnerability in Rice CMS
DAMI CMS is an all-in-one system for building both PC and mobile websites. A logic flaw vulnerability exists in DAMI CMS, which can be exploited by an attacker to modify the order amount...
Zomato: Able to manipulate order amount by removing cancellation amount and cause financial impact
@sjvino identified an issue that could have allowed tampering with the cancellation amount and paying less than the actual order amount. Steps submitted by the researcher to reproduce the issue, maybe it will help new folks in the community to learn something out of it - - Select Items and add them to...