200 matches found
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
CVE-2026-7859 affects the Motors WordPress plugin before 1.4.110. The vulnerability arises from missing proper authorisation and CSRF checks on an AJAX action, allowing unauthenticated attackers to modify arbitrary post metadata (e.g., gallery, featured image) and, on WooCommerce sites, product p...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
EUVD-2026-38214
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-8627
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...
MAL-2026-4800 Malicious code in web3-prices (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee650bfe594eb17193a4760fd6fc279eb10670ae045500913ea673951427b47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview web3-prices is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious code in web3-prices (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee650bfe594eb17193a4760fd6fc279eb10670ae045500913ea673951427b47e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Correct Prices plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Correct Prices versions = 1.0...
CVE-2026-8627
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...
CVE-2026-8627
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...
EUVD-2026-31023
The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...
CVE-2026-8627
The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (
WordPress plugin Correct Prices 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
WordPress plugin Cost Calculator Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2023-60559
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, typeid, distance, facilities, categories, prices, location, and Itemid. Attackers can...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...