16 matches found
CVE-2025-12115
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...
CVE-2025-12115 WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...
CVE-2025-12115 WPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price Alteration
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...
CVE-2025-12115
CVE-2025-12115 affects the WordPress plugin “WPC Name Your Price for WooCommerce” (versions up to and including 2.1.9). The root cause is that the plugin does not disable the ability to enter a custom price for a product when it has been disabled, allowing unauthenticated actors to purchase at lo...
EUVD-2021-22663
Malware in sbrugna...
EUVD-2021-22645
Malware in sbrugna...
CVE-2021-36012
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...
CVE-2021-36030
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...
CVE-2021-36030
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...
Code injection
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item...
CVE-2021-36030 Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items...
CVE-2021-36030
Magento Commerce before 2.4.2-p1 and 2.3.7 (and earlier 2.4.2) contain an improper input validation flaw during checkout that can let an unauthenticated attacker alter item prices. This is documented across multiple sources (NVD entry CVE-2021-36030, GHSA/RHFF-65HP-55RW, OSV, and related advisori...
CVE-2021-36012
CVE-2021-36012 describes a business-logic flaw in Magento Commerce’s placeOrder GraphQL mutation where an authenticated attacker can alter the price of an item, affecting Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The vulnerability stems from a...
Order Override Vulnerability in Rice CMS
DAMI CMS is an all-in-one system for pc and mobile site building. Rice CMS v6.0.0 suffers from an order override vulnerability, which can be exploited by an attacker to grab order packets and change prices in an order to purchase a company product...
Yahoo! Store Security Advisory
Yahoo! Store Security Advisory Advisory: http://securitytracker.com/id?1011403 Date: September 23, 2004 Vendor: Yahoo! Product: Yahoo! Store Status: Fixed by the vendor; Coordinated release Credit: Ben Efros [email protected] http://www.citiprice.com/ Description: Ben Efros reported the followin...
Черный ход в Dansie Shopping Cart
Разработчики оставили для себя возможность удаленного управления системой. Кроме того, любой ползователь может изменить цену покупки...