128 matches found
CVE-2026-56070
Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...
CVE-2026-56070 WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...
EUVD-2026-39723
Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...
CVE-2026-56070
WordPress Advance Product Search plugin (
CVE-2026-42664
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
CVE-2026-42664
CVE-2026-42664 affects the WordPress plugin AI Product Search for WooCommerce – Motive Commerce Search, version
EUVD-2026-36829
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
CVE-2026-42664 WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
PT-2026-49455
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
EUVD-2026-32630
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
FacturaScripts 跨站脚本漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.92 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting vulnerability present in the product search moda...
WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin AI Product Search for WooCommerce Motive Commerce Search versions = 1.38.2...
PT-2026-38615
Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
SQL Injection
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to SQL Injection via the search parameter. An attacker can manipulate database queries and extract sensitive information by injecting malicious SQL code through crafted GET requests to the produc...
EUVD-2024-55504
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...
CVE-2024-58341
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitiv...
PT-2026-27786
Name of the Vulnerable Software and Affected Versions OpenCart Core version 4.0.2.3 Description The software contains a SQL injection flaw that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the search parameter. This is achieved by sending...