229 matches found
CVE-2025-6136
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument reciptno leads to sql injection. The attack may be initiated remotely. The...
CVE-2025-4670
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eddreceipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user...
CVE-2023-27202
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php...
Projectworlds Life Insurance Management System 注入漏洞
Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the reciptno parameter and can lead to SQL...
CVE-2025-24574
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce allows Reflected XSS.This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through =...
WordPress plugin PeproDev WooCommerce Receipt Uploader 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-5415 · Peprodev · Peprodev Woocommerce Receipt Uploader
Name of the Vulnerable Software and Affected Versions: PeproDev WooCommerce Receipt Uploader versions prior to 2.6.9 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This means an attacker can inject...
The vulnerability of the Commerce View Receipt module in the Drupal CMS system, related to deficiencies in the authentication process, allows attackers to circumvent security restrictions and execute a Forceful Browsing attack.
The vulnerability of the Commerce View Receipt module in the Drupal CMS system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
CVE-2024-13257 Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021
Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Commerce View Receipt prior to version 1.0.3, which stems from the inclusion of an authorization error vulnerability...
CVE-2024-9654
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verifyguestemail' function to ensure the requesting user is the intended recipient of the purchase receipt. This...
WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin PeproDev WooCommerce Receipt Uploader versions = 2.6.9...
CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-8873 PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...
WordPress plugin PeproDev WooCommerce Receipt Uploader 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16497 · Unknown · Projectworlds Life Insurance Management System
Name of the Vulnerable Software and Affected Versions: Project Worlds Life Insurance Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /editPayment.php. The manipulation of the recipt no argument leads to SQL injection...
WordPress Smart Online Order for Clover plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mooreceiptlink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...
PT-2024-39921 · WordPress · Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's moo receipt link shortcode due to insufficient input sanitization and...
PT-2024-39291 · WordPress · Peprodev Woocommerce Receipt Uploader
Name of the Vulnerable Software and Affected Versions: PeproDev WooCommerce Receipt Uploader plugin for WordPress versions up to, and including, 2.6.9 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This...
SUSE CVE-2023-52889
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SKCTXsk-label is updated in...