
8 matches found

EUVD
added 2026/04/08 9:31 a.m. · 1 views

EUVD-2026-20105

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no...

5.3 CVSS · 5.9 AI score · 0.00085 EPSS
Exploits 0 · References 10
Cvelist
added 2026/02/19 4:36 a.m. · 23 views

CVE-2025-14294 Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

5.3 CVSS · 0.00219 EPSS
Exploits 0 · References 5
RedhatCVE
added 2026/01/09 9:16 a.m. · 2 views

CVE-2025-14460

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the 'fail' callback from the...

5.3 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits 0 · References 1
CVE
added 2025/12/05 2:2 p.m. · 5 views

CVE-2025-14085

The CVE-2025-14085 entry concerns youlaitech youlai-mall versions 1.0.0–2.0.0. The vulnerability resides in an unknown function under the /app-api/v1/orders/ endpoint, where manipulating the orderId parameter leads to improper control of dynamically-identified variables. This enables remote explo...

8.8 CVSS · 6.1 AI score · 0.00047 EPSS
Exploits 1 · References 4 · Affected Software 1
CVE
added 2025/08/26 7:6 a.m. · 7 views

CVE-2024-8860

The CVE-2024-8860 case concerns the WordPress Tourfic plugin (versions up to and including 2.14.5). The vulnerability arises from missing capability checks in multiple functions (tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order...

4.3 CVSS · 6.2 AI score · 0.00055 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/23 12:0 a.m. · 2 views

PT-2025-34507 · WordPress · Simpler Checkout

Name of the Vulnerable Software and Affected Versions: Simpler Checkout versions 0.7.0 through 1.1.9 Description: The Simpler Checkout plugin for WordPress is susceptible to authentication bypass. The plugin does not properly verify a user’s identity before granting access as an administrator...

9.8 CVSS · 6.8 AI score · 0.00439 EPSS
Exploits 0 · References 8
CNNVD
added 2023/11/28 12:0 a.m. · 1 views

OroCommerce Access Control Error Vulnerability

OroCommerce is an open source business-to-business commerce application from Oro. An access control error vulnerability exists in OroCommerce that stems from allowing Order IDs to receive detailed order total information. Affected product versions: OroCommerce versions 4.2.0 through 4.2.10, 5.0.0...

5.8 CVSS · 6.8 AI score · 0.00246 EPSS
Exploits 0 · References 1
Snyk
added 2021/10/31 7:51 a.m. · 1 views

Cross-site Scripting (XSS)

Overview: shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by using the index.php?s=order&ids="alert1; payload. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script...

5.4 CVSS · 5.2 AI score
Exploits 0 · References 2