313 matches found
PT-2025-20087 · WordPress · Product Quantity Dropdown For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Quantity Dropdown For Woocommerce versions 1.2 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross-Site Request Forgery. Recommendations: For versions 1.2 and earlier, update to a...
CVE-2025-3889
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'processpaymentdata' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the...
CVE-2025-3889 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity'
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'processpaymentdata' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the...
CVE-2025-3889
CVE-2025-3889 affects WordPress Simple Shopping Cart (WordPress plugin) up to version 5.1.3, via Insecure Direct Object Reference in process_payment_data. Unauthenticated attackers can set a product quantity to a negative value, subtracting cost from the total, and the attack is only effective in...
PT-2025-18383 · WordPress · Wordpress Simple Shopping Cart
Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to, and including, 5.1.3 Description: The issue allows unauthenticated attackers to manipulate the quantity of a product to a negative number, effectively subtracting the product cost from the...
Wordfence: The World’s Leading Quality WordPress Vulnerability Intelligence Provider
On April 8th, 2024, we released our 2024 Annual WordPress Security Report, highlighting key trends and insights across the evolving landscape of WordPress security. Today, we want to shine a spotlight on Wordfence’s contributions through our Bug Bounty Program, and reaffirm our commitment to...
AlegroCart 1.2.9 Logic Flaw
AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...
Improper Validation of Specified Quantity in Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the decodeFromBytes function for MRT BGP4MPHeaders in mrt.go. A local attacker can cause unexpected behavior by sending malicious packets. Remediation: Upgrade...
Local Data Quantity-Aware Weighted Averaging for Federated Learning with Dishonest Clients
Whitepaper called Local Data Quantity-Aware Weighted Averaging For Federated Learning With Dishonest Clients...
BIT-DOLIBARR-2022-0414 Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0...
BIT-DOLIBARR-2022-0174 Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr...
WordPress Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin <= 4.0.3 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Quantity Dynamic Pricing & Bulk Discounts for WooCommerce versions <= 4.0.3...
WordPress plugin Quantity Dynamic Pricing & Bulk Discounts for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization passed through the quantity parameter. PoC (html): history.pushState('', '', '/'); document.forms[0].submit(); Remediation: There is no fixed version for phpoffice/phpexcel. References -...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a Spreadsheet engine that can Read, Create and Write Spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization passed through the quantity parameter. PoC (html): history.pushState('',...
CVE-2024-50944
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method...