6 matches found
BankPro E-Service Service Center 安全漏洞
The BankPro E-Service Service Center is a digital banking service management platform provided by BankPro E-Service in Taiwan, China. There is a security vulnerability in the BankPro E-Service Service Center. This vulnerability stems from insecure direct object references, which may allow...
CVE-2025-12075
The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wostroubleshooting' AJAX endpoint in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with Subscriber-level...
PT-2026-20220
Name of the Vulnerable Software and Affected Versions Order Splitter for WooCommerce plugin for WordPress versions up to and including 5.3.5 Description The Order Splitter for WooCommerce plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability...
CVE-2023-36331
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
Extreme CMS has a flawed logic vulnerability
Extreme CMS is an open source and free PHPCMS web content management system. Extreme CMS has a logic flaw vulnerability that can be exploited by attackers to overstep their rights to view other users' orders and product information...
Heilongjiang Industrial Cloud Service Android APP has overstepping access vulnerability
Heilongjiang Industrial Cloud Service app is an office communication platform. Heilongjiang Industrial Cloud Service Android APP has an override access vulnerability. An attacker can utilize the vulnerability to arbitrarily view other users' order product information...