CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

CVE-2026-4664

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the createreviewpermissionscheck function comparing the user-supplied key parameter against the order's ivolesecretkey meta value using...

CVE-2026-26055 Unauthenticated Admission Webhook Endpoints in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

GHSA-HM9J-CGMM-2W36 Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sort parameter in the jsonapi/review endpoint. An attacker can access sensitive database information and manipulate query results by sending specially crafted GET requests. Remediation There is no fixed version for...

Aimeos contains a SQL injection vulnerability in the json api 'sort' parameter

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVE-2021-47763

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

EUVD-2026-2770

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

CVE-2021-47763

CVE-2021-47763 affects Aimeos 2021.10 LTS. The vulnerability is a SQL injection in the json API 'sort' parameter, exploitable via crafted GET requests to the /jsonapi/review endpoint, enabling disclosure of table and column names. Multiple connected sources corroborate the issue and reference aff...

CVE-2021-47763 Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint...

PT-2026-3039

Name of the Vulnerable Software and Affected Versions Aimeos version 2021.10 LTS Description A SQL injection issue exists in the json api 'sort' parameter. Attackers can inject malicious database queries by manipulating the 'sort' parameter. Specifically, crafted GET requests sent to the...