7 matches found
CVE-2026-32459
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...
CVE-2026-32459
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...
CVE-2026-32459
The CVE describes an SQL Injection vulnerability (blind) in the WordPress UpsellWP plugin (checkout-upsell-and-order-bumps) affecting versions up to 2.2.4. Root cause: improper neutralization of special elements used in SQL commands. Impact stated as Blind SQL Injection, but no exploitation detai...
CVE-2026-25419
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through = 2.2.5...
CVE-2026-25419
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through = 2.2.3...
CVE-2026-25419 WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through = 2.2.3...
CVE-2026-25419
CVE-2026-25419 is a Missing Authorization vulnerability described as Broken Access Control in the UpsellWP plugin (checkout-upsell-and-order-bumps). Affected software: UpsellWP for WordPress, version range from n/a through 2.2.5 (per initial doc); Red Hat entry and PatchStack reference reiterate ...