265 matches found
CVE-2026-13571
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
EUVD-2026-40095
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
CVE-2026-49110
The CVE-2026-49110 entry concerns the WordPress plugin Upsell Order Bump Offer for WooCommerce, affected in versions <= 3.1.4. It describes an Unauthenticated Broken Authentication vulnerability enabling price manipulation in Upsell Order Bump offers. CVSSv3.1 metrics indicate Network attack v...
CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function saveproduct of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performe...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability
Price Manipulation vulnerability discovered by Jakub Herman in WordPress Plugin Upsell Order Bump Offer for WooCommerce versions = 3.1.4...
CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress (
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
EUVD-2025-209816
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
PT-2026-40557
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb woocommerce payment AJA...
WordPress Cost Calculator Builder plugin <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability
Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions = 4.0.1...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
EUVD-2026-26006
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911 Booking Package <= 1.7.06 - Unauthenticated Price Manipulation via 'amount' Parameter
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...
CVE-2026-4911
The Booking Package WordPress plugin (versions up to and including 1.7.06) is vulnerable to unauthenticated price manipulation via the amount parameter in PaymentIntent creation. The root cause is that user-controlled $_POST['amount'] is sent to Stripe without validation, and the server-calculate...
CVE-2026-4911
The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe function passing user-controlled $POST'amount' directly to the Stripe PaymentIntent API without validation, and the commitStripe function ignori...