Lucene search
K

179 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39540

Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...

6.5CVSS0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.26 views

CVE-2026-39540 WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...

6.5CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.10 views

CVE-2026-39540

CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:3 p.m.8 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:32 a.m.7 views

CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00486EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:32 a.m.44 views

CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00486EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:32 a.m.17 views

CVE-2026-31909

Technical details (affected component/version, root cause, exploitability, impact specifics, or fixes) are not publicly provided in the supplied documents. Monitor for updates from the referenced sources and vendors for concrete details and remediation guidance.

7.5CVSS5.8AI score0.00486EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35640

Name of the Vulnerable Software and Affected Versions Shipment Tracker for Woocommerce versions prior to 1.5.3.3 Description A Cross Site Scripting XSS issue exists that allows users with the Subscriber role to execute malicious scripts in the context of the application. Recommendations Update to...

6.5CVSS5.3AI score0.00205EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/16 3:35 p.m.8 views

WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Shipment Tracker for Woocommerce versions = 1.5.3.2...

5.8AI score0.00205EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.7 views

CVE-2019-7892

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...

7.2CVSS8AI score0.01777EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/04 6:12 a.m.6 views

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...

5.3CVSS6.7AI score0.00249EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/14 7:46 p.m.17 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/13 9:31 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...

5.3CVSS7AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/13 9:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...

5.3CVSS7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/13 9:31 p.m.5 views

EUVD-2025-34077

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.12 views

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/13 9:31 p.m.3 views

GHSA-FHCW-PX4Q-PMVV Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References5
OSV
OSV
added 2025/10/13 8:15 p.m.6 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

4.3CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2025/10/13 8:15 p.m.11 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/13 7:32 p.m.4 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References1
Rows per page
Query Builder