Lucene search
K

16 matches found

NVD
NVD
added 2025/10/31 10:15 a.m.6 views

CVE-2025-12115

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...

7.5CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/31 9:27 a.m.7 views

CVE-2025-12115 WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...

7.5CVSS0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/31 9:27 a.m.2 views

CVE-2025-12115 WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...

7.5CVSS5.6AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2025/10/31 9:27 a.m.24 views

CVE-2025-12115

CVE-2025-12115 affects the WordPress plugin “WPC Name Your Price for WooCommerce” (versions up to and including 2.1.9). The root cause is that the plugin does not disable the ability to enter a custom price for a product when it has been disabled, allowing unauthenticated actors to purchase at lo...

7.5CVSS5.6AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-22663

Malware in sbrugna...

7.5CVSS7.6AI score0.02294EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-22645

Malware in sbrugna...

6.5CVSS6.5AI score0.01801EPSS
Exploits0References2
OSV
OSV
added 2021/09/01 3:15 p.m.28 views

CVE-2021-36012

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...

6.5CVSS6.3AI score
Exploits0References1
OSV
OSV
added 2021/09/01 3:15 p.m.21 views

CVE-2021-36030

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...

7.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2021/09/01 3:15 p.m.29 views

CVE-2021-36030

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...

7.5CVSS0.02294EPSS
Exploits0References1
Prion
Prion
added 2021/09/01 3:15 p.m.23 views

Code injection

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...

4CVSS6.8AI score0.01801EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/09/01 2:31 p.m.30 views

CVE-2021-36030 Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...

7.5CVSS7.6AI score0.02294EPSS
Exploits0References1
CVE
CVE
added 2021/09/01 2:31 p.m.58 views

CVE-2021-36030

Magento Commerce before 2.4.2-p1 and 2.3.7 (and earlier 2.4.2) contain an improper input validation flaw during checkout that can let an unauthenticated attacker alter item prices. This is documented across multiple sources (NVD entry CVE-2021-36030, GHSA/RHFF-65HP-55RW, OSV, and related advisori...

7.5CVSS7.5AI score0.02294EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/09/01 2:28 p.m.69 views

CVE-2021-36012

CVE-2021-36012 describes a business-logic flaw in Magento Commerce’s placeOrder GraphQL mutation where an authenticated attacker can alter the price of an item, affecting Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The vulnerability stems from a...

6.5CVSS6.2AI score0.01801EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2018/08/09 12:0 a.m.3 views

Order Override Vulnerability in Rice CMS

DAMI CMS is an all-in-one system for pc and mobile site building. Rice CMS v6.0.0 suffers from an order override vulnerability, which can be exploited by an attacker to grab order packets and change prices in an order to purchase a company product...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2004/09/30 12:0 a.m.34 views

Yahoo! Store Security Advisory

Yahoo! Store Security Advisory Advisory: http://securitytracker.com/id?1011403 Date: September 23, 2004 Vendor: Yahoo! Product: Yahoo! Store Status: Fixed by the vendor; Coordinated release Credit: Ben Efros [email protected] http://www.citiprice.com/ Description: Ben Efros reported the followin...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/04/14 12:0 a.m.17 views

Черный ход в Dansie Shopping Cart

Разработчики оставили для себя возможность удаленного управления системой. Кроме того, любой ползователь может изменить цену покупки...

0.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder