Lucene search
+L

1735 matches found

NVD
NVD
added yesterday7 views

CVE-2026-13755

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00225EPSS
Exploits0References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-44894

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.3AI score0.00225EPSS
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-13755

The Tickera – Sell Tickets & Manage Events WordPress plugin (up to version 3.6.0.0) is affected by a Stored Cross‑Site Scripting vulnerability via the price_wrapper shortcode attribute. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with co...

6.4CVSS6.3AI score0.00225EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint

Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...

6.9CVSS0.00235EPSS
Exploits0References5
NVD
NVD
added 3 days ago4 views

CVE-2026-11567

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

5.9CVSS0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/05 2:0 p.m.9 views

EUVD-2026-41760

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 3:16 p.m.13 views

CVE-2026-13571

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS0.00383EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:30 p.m.7 views

CVE-2026-13571

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/29 1:30 p.m.35 views

CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS0.00383EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 1:30 p.m.9 views

EUVD-2026-40095

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 1:30 p.m.15 views

CVE-2026-13571

The CVE-2026-13571 affects SourceCodester Simple Food Ordering System 1.0. A flaw in an unknown function in /cart.php allows manipulation of the item_price argument, leading to business logic errors. The vulnerability can be exploited remotely, and an exploit has been published. No remediation or...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 4:16 p.m.17 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:44 p.m.6 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 3:44 p.m.40 views

CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:44 p.m.19 views

CVE-2017-20260

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 3:44 p.m.7 views

EUVD-2017-18987

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/19 9:3 a.m.32 views

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.21 views

PT-2026-50937

Name of the Vulnerable Software and Affected Versions Joomla! Component Price Alert version 3.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. By sending requests to the 'subscribeajax' view with crafted payloads in the product id parameter,...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-22334

Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...

7.5CVSS0.00467EPSS
Exploits0References1
Rows per page
Query Builder