23 matches found
CVE-2026-45800
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The orderby and...
Vvveb SQL注入漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had an SQL injection vulnerability. This vulnerability stemmed from an SQL injection issue on the front-end user order history page...
PT-2026-41360
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order by and...
CVE-2026-25483
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
EUVD-2026-5209
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
Craft Commerce 跨站脚本漏洞
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce from 4.0.0-RC1 to 4.10.0, as well as from 5.0.0 to 5.5.1, have a cross-site scripting vulnerability. This vulnerability stems from the use of the |md filter for rendering order...
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the orderHistory.message. An attacker can execute arbitrary scripts in the context of the admin panel by injecting malicious payloads into the status message field, which...
EUVD-2009-2262
Malware in sbrugna...
CVE-2024-37201
Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2...
CVE-2014-9026
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors...
PT-2024-27369 · Woocommerce · Woocommerce Customers Order History
Name of the Vulnerable Software and Affected Versions: WooCommerce Customers Order History versions through 5.2.2 Description: The issue is related to a Missing Authorization vulnerability in WooCommerce Customers Order History, allowing exploitation of incorrectly configured access control...
WordPress plugin Woocommerce Customers Order History 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Woocommerce Customers Order History versions = 5.2.2...
WordPress Woocommerce Customers Order History Plugin <= 5.2.2 is vulnerable to Broken Access Control
Software Woocommerce Customers Order History Type Plugin Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37201 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 813e88bf4b3c Credits Abdi Pranat...
WordPress Customer Order History for WooCommerce Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)
Software Customer Order History for WooCommerce Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1e9541c2f16e Credits Rafie Muhamma...
WordPress Woocommerce Customers Order History Plugin <= 5.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Woocommerce Customers Order History Type Plugin Vulnerable versions = 5.2.1 Fixed in 5.2.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3720c02990cd Credits Rafie Muhamm...
Online Restaurant Management System SQL注入漏洞
Online Restaurant Management System is a Code-projects open source online restaurant management system. A security vulnerability exists in Code-projects Online Restaurant Management System version 1.0, which allows an attacker to bypass the administration panel and view order history, add product...
WordPress Woocommerce Customers Order History plugin <= 5.2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Woocommerce Customers Order History plugin versions = 5.2.0. Solution Update the WordPress Woocommerce Customers Order History plugin to the latest available version at least 5.2.1...
WordPress Woocommerce Customers Order History plugin <= 5.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Woocommerce Customers Order History plugin versions = 5.2.0. Solution Update the WordPress Woocommerce Customers Order History plugin to the latest available version at least 5.2.1...
Information disclosure
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors...