
10 matches found

RedhatCVE
added 2 days ago, 5 views

CVE-2026-7266

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit is now public an...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00036
Exploits: 0 | References: 1
NVD
added 2026/04/28 10:16 p.m., 0 views

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVSS: 4.8 | EPSS: 0.00035
Exploits: 0 | References: 5
EUVD
added 2026/04/28 6:30 p.m., 1 views

EUVD-2026-26146

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVSS: 4.8 | AI score: 3.5 | EPSS: 0.00035
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/28 6:30 p.m., 2 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVSS: 4.8 | AI score: 3.4 | EPSS: 0.00035
Exploits: 0 | References: 5
CVE
added 2026/04/28 6:30 p.m., 3 views

CVE-2026-7296

SourceCodester Pizzafy Ecommerce System 1.0 contains an XSS vulnerability in the admin/ajax.php?action=save_order function, triggered by manipulation of the first_name argument. Remote exploitation is possible and exploits have been published. No remediation or patch details are provided in the s...

CVSS: 4.8 | AI score: 3.6 | EPSS: 0.00035
Exploits: 0 | References: 5
Cvelist
added 2026/04/28 6:30 p.m., 28 views

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVSS: 4.8 | EPSS: 0.00035
Exploits: 0 | References: 5
CVE
added 2025/05/13 12:0 a.m., 36 views

CVE-2025-28057

Summary of CVE-2025-28057: The owl-admin project is affected for versions 3.2.2 through 4.10.2 by a SQL Injection in the /admin-api/system/admin_menus/save_order endpoint. This is documented with a high-severity CVSS 3.1 score (7.2) impacting confidentiality, integrity, and availability. The roo...

CVSS: 7.2 | AI score: 8.3 | EPSS: 0.00251
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2015/07/16 3:0 p.m., 34 views

CVE-2015-5528

The CVE-2015-5528 entry concerns the WordPress Floating Social Bar plugin (pre-1.1.6). The XSS vulnerability arises in the save_order function within class-floating-social-bar.php, where the items[] parameter in the fsb_save_order action to wp-admin/admin-ajax.php is not properly filtered, allowi...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00498
Exploits: 2 | References: 5 | Affected Software: 1
Packet Storm
added 2015/07/14 12:0 a.m., 19 views

WordPress Floating Social Bar 1.1.5 Cross Site Scripting

Exploit Title: Floating Social Bar 1.1.5 XSS Date: 09-01-2015 Software Link: https://wordpress.org/plugins/floating-social-bar/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Everyone can access saveorder...

AI score: 7.4
Exploits: 0
0day.today
added 2015/07/12 12:0 a.m., 17 views

Wordpress Floating Social Bar 1.1.5 XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: Floating Social Bar 1.1.5 XSS Date: 09-01-2015 Software Link: https://wordpress.org/plugins/floating-social-bar/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category...

AI score: 7.1
Exploits: 0