8 matches found
CVE-2026-7859
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
CVE-2026-7859
CVE-2026-7859 affects the Motors WordPress plugin before 1.4.110. The vulnerability arises from missing proper authorisation and CSRF checks on an AJAX action, allowing unauthenticated attackers to modify arbitrary post metadata (e.g., gallery, featured image) and, on WooCommerce sites, product p...
CVE-2026-7859 Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
EUVD-2026-38214
The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...
Authorization
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmcbulkfixedprice function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...
Shopizer 1.1.5 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v...
CVE-2002-1352
Per Magne Knutsen's CartMan shopping cart cartman.php 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter...
CVE-2002-1352
The CVE-2002-1352 entry concerns Magne Knutsen’s CartMan shopping cart (cartman.php) version 1.04 and earlier. The vulnerability allows remote attackers to modify product prices by altering the price parameter. The connected CVE sources (NVD/CVE records) confirm the affected component and the und...