CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

PT-2026-35822

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save order of the file /admin/ajax.php?action=save order. Performing a manipulation of the argument first name results in cross site scripting. Remote exploitation of the attack is possible. The...

PT-2026-35710

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save order of the file /admin/ajax.php?action=save order. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public...

Floating Social Bar 1.1.5 XSS

Everyone can access saveorder. File: floating-social-bar\class-floating-social-bar.php addaction 'wpajaxfsbsaveorder', array $this, 'saveorder' ; addaction 'wpajaxnoprivfsbsaveorder', array $this, 'saveorder' ; $REQUEST'items' is not escaped. File: floating-social-bar\class-floating-social-bar.ph...

WordPress Floating Social Bar Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in the 'saveorder' function in the class-floating-social-bar.php script in versions of the...