15 matches found
PT-2026-7504
The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
WordPress plugin WaMate Confirm – Order Confirmation security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-13291
A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...
EUVD-2024-39123
Malicious code in bioql PyPI...
CVE-2024-41670 PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard
In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...
CVE-2024-41670
CVE-2024-41670 – PayPal Official module (PrestaShop) affects PrestaShop 7+ releases before 6.4.2 and PrestaShop 1.6 releases before 3.18.1. A logical weakness in the payment capture flow, when webhooks are disabled, can allow a malicious customer to confirm an order even if PayPal declines the pa...
PrestaShop security vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Paypal versions prior to 6.4.2 and prior to 3.18.1, which stems from a...
PT-2024-29497 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 6.4.2; PrestaShop 1.6 versions prior to 3.18.1. Description: A logical weakness in the "PayPal Official" module for PrestaShop can be exploited by a malicious customer to confirm an order even if the payment is...
Home Depot Confirms Data Breach in Order Confirmation SNAFU
Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement...
U.S. Dept Of Defense: Publicly accessible Order confirmations leaking User Emails on ███
Summary: I noticed that a user's order confirmation was publicly accessible, leaking email information. Description: An attacker can glean sensitive information that is stored in the order confirmation file. Impact: Medium. Step-by-step Reproduction Instructions...
Threat Outbreak Alert RuleID21982: Email Messages Distributing Malicious Software on June 23, 2016
Medium Alert ID: 44362 First Published: 2016 March 30 17:08 GMT Last Updated: 2016 June 24 13:46 GMT Version: 13 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID21982 and...
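PHPOK enterprise site-building system (payment vulnerability: buy anything for 1 yuan)
Brief description: PHPOK enterprise site-building system PHPOK4.4.010, latest version, payment vulnerability: buy anything for 1 yuan. Detailed description: 1. Go to the product showcase, pick any item, add it to the cart and place an order. 2. Go there and click confirm payment, capture the request and modify the amount. 3. Change it to 1 yuan, then a link appears; just open it. Only 1 yuan is needed. Proof of vulnerability: 1. Go to the product showcase, pick any item, add it to the cart and place an order...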
Threat Outbreak Alert RuleID17838: Email Messages Distributing Malicious Software on August 2, 2016
Medium Alert ID: 40911 First Published: 2015 September 9 16:05 GMT Last Updated: 2016 August 3 12:52 GMT Version: 27 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17838...
Threat Outbreak Alert: Fake Order Confirmation Email Messages on April 14, 2014
Medium Alert ID: 33788 First Published: 2014 April 14 20:03 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an order confirmation notice for the recipient. The text in the email message attempts to convince the recipient...
Threat Outbreak Alert: Fake Order Confirmation Email Messages on February 12, 2014
Medium Alert ID: 32828 First Published: 2014 February 12 16:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an order confirmation notification for the recipient. The text in the email message attempts to convince the...