Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-9284

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

8.2CVSS5.9AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2026/05/23 5:16 a.m.12 views

CVE-2026-9284

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

8.2CVSS0.00401EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54087

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.0027EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/03/18 3:30 p.m.8 views

TastyIgniter Has an Incorrect Access Control Vulnerability

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

6.5CVSS6.5AI score0.0027EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/03/18 12:0 a.m.45 views

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control in the Orders Management System. The vulnerability resides in Orders.php: index_onUpdateStatus(), which fails to verify a user’s permission before updating an order’s status. This allows unauthorized users to remotely modify orders (I:H, P:L...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder