EUVD-2026-10814

Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table...

WordPress Cost Calculator Builder plugin <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions vulnerability

Authenticated Subscriber+ Missing Authorization via getccorders/updateorderstatus Functions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Cost Calculator Builder versions = 3.5.32...

CVE-2025-12355

The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxnoprivupdateorderstatus' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...

CVE-2025-11728

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

CVE-2025-9243

CVE-2025-9243 affects the WordPress plugin Cost Calculator Builder. A missing capability check in get_cc_orders and update_order_status permits authenticated users with Subscriber-level access (or higher) to access order management and modify order statuses in all versions up to and including 3.5...

WordPress plugin Cost Calculator Builder 安全漏洞

WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...

CVE-2023-1987

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function updateorderstatus of the file /classes/Master.php?f=updateorderstatus. The manipulation of the argument id leads to sql injection. The...

PT-2024-17808 · Unknown · Code-Projects Simple Admin Panel

Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A critical vulnerability has been found in the file updateOrderStatus.php, affecting an unknown functionality. The manipulation of the record argument leads to SQL injection. The attac...

WordPress Plugin MStore API 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29381)

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to a SQL injection vulnerability in the file /classes/Master.php?f=updateorderstatus, where the parameter id of the function...

CVE-2023-1987

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function updateorderstatus of the file /classes/Master.php?f=updateorderstatus. The manipulation of the argument id leads to sql injection. The...

PT-2023-17394 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue has been found in the function update order status of the file /classes/Master.php?f=update order status. The manipulation of the argument id leads to s...

Online Computer and Laptop Store SQL注入漏洞

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to a SQL injection vulnerability in the file /classes/Master.php?f=updateorderstatus, where the parameter id of the function...