18 matches found
CVE-2024-31297
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0...
CVE-2024-31297 WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0...
CVE-2024-30469
Technical details for CVE-2024-30469 are not publicly available in the provided documents. Monitor for official updates and vendor advisories for affected products and remediation steps.
CVE-2024-30469 WordPress Wholesale For WooCommerce plugin <= 2.3.0 - Unauthenticated Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0...
Weak Password Vulnerability in C-Lodop Print Services System
Ltd. is a company whose main business is software development; information technology consulting services; information system integration services; wholesale of computers, software and auxiliary equipment; retail of computers, software and auxiliary equipment, etc. A weak password vulnerability...
Shopify: [h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
Summary: There is a CSRF vulnerability in the Wholesale application to generate an invitation token for a user and move that user to invited status. Steps To Reproduce: 1. Log in to Shopify and configure Wholesale 2. Add a price list 3. Add a customer with the tag wholesale 4. Adjust the pricelis...
Shopify: [h1-2102] FQDN takeover on all Shopify wholesale customer domains by trailing dot (RFC 1034)
Summary: Due to a missing domain format check in Shopify's wholesale functionality, it is possible to serve arbitrary content on the customer's domain through existing DNS records already configured to work with Shopify. I only tested with domains that I own but as far as I understand, this would...
webERP 4.15.1 - Unauthenticated Backup File Access Vulnerability
Exploit for php platform in category web applications Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
CVE-2019-17551
CVE-2019-17551 affects Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5. An attacker can send an authenticated POST to /WFS/agreementView.faces to trigger a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text field in the Notes section. The issue is tied to the WYSIW...
Shopify: H1514 Wholesale customer without checkout permission can complete purchases
Summary: By default, Shopify Wholesale customers are prevented from immediately checking out: F360280 Instead, a store admin must approve each order before the customer can pay. This restriction can be bypassed, allowing a customer to check out orders without prior approval. This also bypasses an...
Alibaba aliexpress exposure security vulnerability could compromise millions of users personal information-vulnerability warning-the black bar safety net
1 of 2 November 9 November 2 1:0 0 updates: According to the official feedback Alibaba security team have been in the first time to fix the vulnerability. ! According to foreign media reports, Alibaba's aliexpress website on the exposed security vulnerabilities that could impact the world of...
ecshop the goods_attr and goods_attr_id two secondary injection vulnerability detailed analysis-vulnerability warning-the black bar safety net
A: goodsattrid secondary injection ! 2 0 1 3 0 7 3 0 1 5 2 7 4 9 1 Injection use process: 1. Add items to your cart, write the injection code to product attribute id http://localhost/test/ecshop/flow.php?step=addtocart POST: goods="quick":1,"spec":"1 6 3","1 5 8'","goodsid":3...
CVE-2008-5493
The CVE-2008-5493 entry documents a SQL injection vulnerability in track.php of PHPStore Wholesales (aka Wholesale). The vulnerable vector is the id parameter, enabling remote attackers to execute arbitrary SQL commands. According to the NVD entry, the impact is assessed as Partial for confidenti...
phpstore Wholesale (track.php?id) SQL Injection Vulnerability
No description provided by source. Wholesale track.php id Remote SQL Injection Vulnerability | Author: Hussin X | Home : WwW.IQ-ty.CoM | email: [email protected] | script : http://www.phpstore.info/productinfo.php?cPath=3653&productsid=162 | DorK :...
CVE-2006-4969
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9)...
Pie Cart Pro - 'Inc_Dir' Remote File Inclusion
Pie Cart Pro = IncDir Remote File Inclusion Exploit | Critical Level : Dangerous By SnIpErSA http://www.doodlebabies.com/...
Pie Cart Pro (Inc_Dir) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications | Pie Cart Pro IncDir Remote File Include Vulnerabilities...
Pie Cart Pro (Inc_Dir) Remote File Include Vulnerabilities
No description provided by source. Pie Cart Pro = IncDir Remote File Inclusion Exploit | Critical Level : Dangerous By SnIpErSA http://www.doodlebabies.com/...