6 matches found
CVE-2026-0679
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...
EUVD-2024-55009
Malicious code in bioql PyPI...
CVE-2024-8860
The CVE-2024-8860 case concerns the WordPress Tourfic plugin (versions up to and including 2.14.5). The vulnerability arises from missing capability checks in multiple functions (tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order...
WordPress Shopping Cart & eCommerce Store plugin <= 5.7.8 - Missing Authorization to Order Updates vulnerability
Missing Authorization to Order Updates vulnerability discovered by Lucio Sá in WordPress Plugin WP EasyCart versions <= 5.7.8...
GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17778)
GLPI is open source software for IT equipment management, developed in PHP. A cross-site scripting vulnerability exists in GLPI versions prior to 9.5.4 when a logged-in user is updating a work order; no detailed vulnerability information is available at this time...
GLPI Cross-Site Scripting Vulnerability
GLPI is open source software for IT equipment management, developed in PHP. A cross-site scripting vulnerability exists in GLPI versions prior to 9.5.4 when a logged-in user is updating a work order; no detailed vulnerability information is available at this time...