Lucene search
K

8 matches found

NVD
NVD
added 2026/06/22 6:16 a.m.11 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 6:0 a.m.13 views

CVE-2026-7859

CVE-2026-7859 affects the Motors WordPress plugin before 1.4.110. The vulnerability arises from missing proper authorisation and CSRF checks on an AJAX action, allowing unauthenticated attackers to modify arbitrary post metadata (e.g., gallery, featured image) and, on WooCommerce sites, product p...

5.3CVSS6AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 6:0 a.m.32 views

CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 6:0 a.m.11 views

EUVD-2026-38214

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS6AI score0.00117EPSS
Exploits0References1
Prion
Prion
added 2023/06/07 1:15 p.m.18 views

Authorization

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmcbulkfixedprice function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...

4CVSS6.2AI score0.00802EPSS
Exploits3References3Affected Software1
Exploit DB
Exploit DB
added 2014/07/14 12:0 a.m.91 views

Shopizer 1.1.5 - Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v...

9.8CVSS9.5AI score0.88829EPSS
Exploits16
NVD
NVD
added 2003/09/17 4:0 a.m.15 views

CVE-2002-1352

Per Magne Knutsen's CartMan shopping cart cartman.php 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter...

5CVSS6.7AI score0.01101EPSS
Exploits1References2
CVE
CVE
added 2003/09/12 4:0 a.m.47 views

CVE-2002-1352

The CVE-2002-1352 entry concerns Magne Knutsen’s CartMan shopping cart (cartman.php) version 1.04 and earlier. The vulnerability allows remote attackers to modify product prices by altering the price parameter. The connected CVE sources (NVD/CVE records) confirm the affected component and the und...

5CVSS7.1AI score0.01101EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder