Lucene search
K

23 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 6:44 p.m.10 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Vvveb SQL注入漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had an SQL injection vulnerability. This vulnerability stemmed from an SQL injection issue on the front-end user order history page...

8.7CVSS6AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.18 views

PT-2026-41360

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order by and...

8.7CVSS5.9AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.4 views

CVE-2026-25483

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...

6.2CVSS5.5AI score0.003EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 6:5 p.m.5 views

EUVD-2026-5209

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...

6.2CVSS5.5AI score0.003EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the use of the |md filter for rendering order...

6.2CVSS6.5AI score0.003EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/02 10:43 p.m.2 views

Cross-site Scripting (XSS)

Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the orderHistory.message. An attacker can execute arbitrary scripts in the context of the admin panel by injecting malicious payloads into the status message field, which...

6.2CVSS5.6AI score0.003EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-2262

Malware in sbrugna...

5CVSS6.4AI score0.01076EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:43 a.m.6 views

CVE-2024-37201

Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2...

4.3CVSS6.9AI score0.00328EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:39 a.m.8 views

CVE-2014-9026

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors...

4CVSS6.1AI score0.00937EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-27369 · Woocommerce · Woocommerce Customers Order History

Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Order History versions through 5.2.2 Description: The issue is related to a Missing Authorization vulnerability in WooCommerce Customers Order History, allowing exploitation of incorrectly configured access control...

4.3CVSS7.2AI score0.00328EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

WordPress plugin Woocommerce Customers Order History 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.3AI score0.00328EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/20 10:36 a.m.2 views

WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Woocommerce Customers Order History versions = 5.2.2...

4.3CVSS7AI score0.00328EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.9 views

WordPress Woocommerce Customers Order History Plugin <= 5.2.2 is vulnerable to Broken Access Control

Software Woocommerce Customers Order History Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37201 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 813e88bf4b3c Credits Abdi Pranat...

4.3CVSS6.3AI score0.00328EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.9 views

WordPress Customer Order History for WooCommerce Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Customer Order History for WooCommerce Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e9541c2f16e Credits Rafie Muhamma...

6.9AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.4 views

WordPress Woocommerce Customers Order History Plugin <= 5.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Woocommerce Customers Order History Type Plugin Vulnerable versions = 5.2.1 Fixed in 5.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3720c02990cd Credits Rafie Muhamm...

6.9AI score0.00284EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Online Restaurant Management System SQL注入漏洞

Online Restaurant Management System is a Code-projects open source online restaurant management system. A security vulnerability exists in Code-projects Online Restaurant Management System version 1.0, which allows an attacker to bypass the administration panel and view order history, add product...

9.8CVSS8.4AI score0.00745EPSS
Exploits1References3
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Woocommerce Customers Order History plugin <= 5.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Woocommerce Customers Order History plugin versions = 5.2.0. Solution Update the WordPress Woocommerce Customers Order History plugin to the latest available version at least 5.2.1...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress Woocommerce Customers Order History plugin <= 5.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Woocommerce Customers Order History plugin versions = 5.2.0. Solution Update the WordPress Woocommerce Customers Order History plugin to the latest available version at least 5.2.1...

3.6AI score
Exploits0References2Affected Software1
Prion
Prion
added 2014/11/20 5:50 p.m.15 views

Information disclosure

The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors...

4CVSS6.2AI score0.00937EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder