WordPress Appmax plugin <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability

Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability discovered by WordFence in WordPress Plugin Appmax versions = 1.0.3...

CVE-2026-27007

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...

GHSA-XXVH-5HWJ-42PP OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation

Description normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw sandbox flows, this hash is used to decide whether...

PT-2025-49345

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible for unauthenticated...

EUVD-2024-0229

Malicious code in bioql PyPI...

RestroPress < 2.8.3.1 - Unauthorised AJAX Calls

The plugin did not check for CSRF as well as capability in some of its AJAX calls which should only be accessible by admin. As a result, any authenticated user can change arbitrary order status, as well as access arbitrary order details including PII such as phone number and address PoC Change th...