Lucene search
K

10 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-9240

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...

4.3CVSS0.00196EPSS
Exploits0References5
CVE
CVE
added 6 days ago13 views

CVE-2026-9240

The Colissimo Officiel: Méthodes de livraison pour WooCommerce plugin for WordPress is affected by a missing authorization check in updateShippingMethod(), registered to the wp_ajax_lpc_order_affect AJAX action, for versions up to 2.9.0. The handler does not perform current_user_can() checks or n...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9709

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:0 a.m.10 views

EUVD-2026-38696

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

7.7CVSS5.8AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:0 a.m.38 views

CVE-2026-9709 Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:0 a.m.6 views

CVE-2026-9709

The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...

5.8AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:0 p.m.19 views

CVE-2026-47742

Affected software: Shopper: Headless e-commerce Admin Panel. Vulnerability summary: Before version 2.8.0, sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) lacked authorization on their store() method. This allowed any authenticated panel user, regard...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 1:51 p.m.13 views

Malicious code in @zaamx/netme (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ff8cae34ceeb5f691ca4c4f92fbe10d0bc4e6b9eddf081e7c99ab1ee6193c98 This Medusa plugin hardcodes outbound POST requests to https://n8n.lidxi.com/webhook/ in multiple subscribers and admin routes, with no configuration...

5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/20 6:56 p.m.13 views

CVE-2024-1492 WPify Woo Czech <= 4.0.8 - Missing Authorization

The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as lon...

5.3CVSS6.7AI score0.00455EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.6 views

PT-2024-18090 · WordPress · Wpify Woo Czech

Name of the Vulnerable Software and Affected Versions: WPify Woo Czech plugin versions up to, and including, 4.0.8 Description: The issue allows unauthorized access to data due to a missing capability check on the maybe send to packeta function. This makes it possible for unauthenticated attacker...

5.3CVSS9.4AI score0.00455EPSS
Exploits0References5
Rows per page
Query Builder