Prodigy Commerce <= 3.3.0 - Local File Inclusion

Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...

Prodigy Commerce 3.3.0 - Local File Inclusion

Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link: https://wordpress.org/plugins/prodigy-commerce/ Version: 3.2.9 Tested on: Debian CVE : CVE-2026-0926 Description: Prodigy Commerce...

📄 WordPress Prodigy Commerce 3.2.9 Local File Inclusion

WordPress Prodigy Commerce plugin versions 3.2.9 and below suffer from a local file inclusion vulnerability. Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link:...

CVE-2026-0926

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

WordPress Prodigy Commerce plugin <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] vulnerability

Unauthenticated Local File Inclusion via parameterstemplatename vulnerability discovered by WordFence in WordPress Plugin Prodigy Commerce versions = 3.2.9...

CVE-2026-0926

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

CVE-2026-0926

Prodigy Commerce WordPress plugin

CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

PT-2026-20630

Name of the Vulnerable Software and Affected Versions Prodigy Commerce versions prior to 3.2.9 Description The Prodigy Commerce plugin for WordPress is susceptible to a Local File Inclusion issue. This allows unauthenticated attackers to include and read arbitrary files or execute arbitrary files...

WordPress plugin Prodigy Commerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2024-52376

Malicious code in bioql PyPI...

EUVD-2024-52377

Malicious code in bioql PyPI...

CVE-2024-54250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through = 3.0.8...

CVE-2024-54251

Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through = 3.1.2...

CVE-2024-54250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through = 3.0.8...

CVE-2024-54250 WordPress Prodigy Commerce plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through = 3.0.8...

CVE-2024-54250

CVE-2024-54250 : Prodigy Commerce WordPress plugin contains a DOM-based XSS due to improper input neutralization during web page generation, affecting versions up to 3.0.8. Mitigation: upgrade to a version later than 3.0.8 (documented remediation). The connected records confirm the vulnerability ...

CVE-2024-54250 WordPress Prodigy Commerce plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through = 3.0.8...

WordPress plugin Prodigy Commerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...