37 matches found
CVE-2026-7563
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
EUVD-2026-30519
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
CVE-2026-7563 Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note and send_email_to_user_by_moderator AJAX Actions
The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the /order_notes endpoint through the id parameter. The issue stems from insufficient input handling for the id parameter, enabling script injection. Impact is XSS in affected pages; no exploitation details are provided in...
TechStore Pro 安全漏洞
TechStore Pro is an e-commerce platform for nooncarlett individual developers. A security vulnerability exists in TechStore Pro version 1.0, which stems from incorrect manipulation of the parameter id in the file /ordernotes and could lead to a cross-site scripting attack...
PT-2025-45504
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /order notes API endpoint through the id parameter. Recommendations As a mitigation, restrict or sanitize input to the ...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
EUVD-2025-38298
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
EUVD-2024-50528
Malicious code in bioql PyPI...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can add notes to orders in a different virtual instance by specifying the targe...
GHSA-F372-9RCJ-8W2C Liferay Portal and DXP allows users to add a note to a different virtual instance
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...
CVE-2025-43810
Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...