CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/20 1:16 p.m.•13 views

CVE-2026-42383

7.6CVSS0.00289EPSS

ATTACKERKB•added 2026/05/20 12:55 p.m.•7 views

CVE-2026-42383

Vulnrichment•added 2026/05/20 12:55 p.m.•11 views

Exploits0References2

CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Cvelist•added 2026/05/20 12:55 p.m.•36 views

CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

7.6CVSS0.00289EPSS

CVE•added 2026/05/20 12:55 p.m.•18 views

CVE-2026-42383

The CVE-2026-42383 entry concerns the WordPress plugin “YITH WooCommerce Product Add-Ons” (affected versions: n/a through 4.29.0). The issue is described as an improper neutralization of special elements in SQL commands, i.e., a SQL Injection vulnerability that can enable blind SQL injection. Rel...

EUVD•added 2026/05/20 12:55 p.m.•10 views

EUVD-2026-31098

CNNVD•added 2026/05/20 12:0 a.m.•9 views

WordPress plugin YITH WooCommerce Product Add-Ons SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.6CVSS5.9AI score0.00289EPSS

Vulnrichment•added 2026/02/01 12:15 p.m.•2 views

CVE-2021-47908 Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack us...

6.4CVSS5.5AI score0.00305EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 8:59 a.m.•5 views

CVE-2023-49777

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0...

9.1CVSS8.5AI score0.0069EPSS

EUVD•added 2025/11/10 12:30 a.m.•5 views

EUVD-2025-38722

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

4.8CVSS5.2AI score0.00286EPSS

Exploits1References8

NVD•added 2025/11/09 11:15 p.m.•7 views

CVE-2025-12920

4.8CVSS0.00286EPSS

Exploits1References7

CNVD•added 2025/10/31 12:0 a.m.•2 views

E-Commerce Website product_add.php File Cross-Site Scripting Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameters prodname/proddesc/prodcos in the file /pages/productadd.php, which can be exploite...

6.1CVSS6.3AI score0.00356EPSS

Exploits1References1

RedhatCVE•added 2025/10/28 10:59 p.m.•13 views

CVE-2025-12334

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

6.1CVSS3.9AI score0.00356EPSS

Exploits1References1

NVD•added 2025/10/27 11:15 p.m.•6 views

CVE-2025-12334

6.1CVSS0.00356EPSS

OSV•added 2025/10/27 11:15 p.m.•4 views

CVE-2025-12334

6.1CVSS4.3AI score0.00356EPSS

Cvelist•added 2025/10/27 10:32 p.m.•6 views

CVE-2025-12334 code-projects E-Commerce Website product_add.php cross site scripting

5.3CVSS0.00356EPSS

Vulnrichment•added 2025/10/27 10:32 p.m.•3 views

CVE-2025-12334 code-projects E-Commerce Website product_add.php cross site scripting

5.3CVSS3.9AI score0.00356EPSS