18 matches found
CVE-2026-1906 PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the wpoipsedisaveordercustomerpeppolidentifiers AJAX action due to missing capability checks and order ownership validation. This...
EUVD-2006-5092
Malware in sbrugna...
EUVD-2025-14176
Malicious code in bioql PyPI...
CVE-2021-24402
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
CVE-2025-46189
SourceCodester Client Database Management System 1.0 is affected by a SQL Injection in user_order_customer_update.php via the order_id POST parameter. Root cause: improper handling/validation of the order_id parameter. Impact: potential unauthorized access/modification of the database (per CVSS 3...
SQL injection
SQL Injection vulnerability in the orderGoodsDelivery function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the orderid parameter...
CVE-2024-25248
SQL Injection vulnerability in the orderGoodsDelivery function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the orderid parameter...
CVE-2024-25248
SQL Injection vulnerability in the orderGoodsDelivery function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the orderid parameter...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WP iCommerce WordPress plugin 1.1.1 and earlier versions,...
Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter
Summary: This vulnerability consists of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...
WordPress Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. Car Seller - Auto Classifieds Script WordPress plugin...
CVE-2020-29156
The CVE concerns the WooCommerce plugin for WordPress, affecting versions prior to 4.7.0. A defect in the fetch_order_status action permits remote attackers to disclose the status of arbitrary orders by supplying an order_id. The root cause is improper authorization/validation in the order status...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...
CVE-2014-8758
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in the galleryalbumsorting page to wp-admin/admin.php...
CVE-2009-4570
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in an order/orderprint action to the default URI...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in an order/orderprint action to the default URI...
CVE-2009-4570
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the orderid parameter in an order/orderprint action to the default URI...
MyDLstore Pixel Ad Script - payment.php Cross-Site Scripting
MyDLstore Pixel Ad Script - payment.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43448/info MyDLstore Pixel Ad Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...