10 matches found
CVE-2026-59805
Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController. Authenticated sellers can manipulate purchase access for other sellers' products by issuing PUT requests to revoke_access and undo_revoke_access without validating ownership. This lets attackers...
CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection
The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-5793 Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection
The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currencycode’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2024-37159 · WordPress · The Houzez Theme
Name of the Vulnerable Software and Affected Versions: The Houzez Theme - Functionality plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to SQL Injection via the currency code parameter due to insufficient escaping on the user-supplied parameter and lack...
ENTER has a logic flaw vulnerability
ENTER ENTR is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of ENTR's smart contract contract name: EnterToken implementation. An attacker could exploit this vulnerability to prevent the seller from accessing the assets due to the exchange...
RiptideCoin has a logic flaw vulnerability
RiptideCoin RIPT is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of RIPT's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
Welfare Token Fund has a flawed logic vulnerability
Welfare Token Fund WTF is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function in the smart contract implementation of WTF. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
Logic Flaw Vulnerability in ETHERCASH
ETHERCASH ETC is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'sell' function of ETC's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
MoneyChainNet (MCN) Integer Overflow Vulnerability
MoneyChainNet MCN is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function in MCN's smart contract implementation. An attacker could use this vulnerability to prevent the seller from accessing the assets due to the exchange...
RiptideCoin (RIPT) Integer Overflow Vulnerability
RiptideCoin RIPT is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of RIPT's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...