Online ordering system

This hub aggregates every CVE we track for Online ordering system, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Online ordering system.

• CVE-2026-24494SQL injection vulnerability in Order Up Online Ordering System9.8Feb 23, 2026
• CVE-2025-14251code-projects Online Ordering System Admin Login admin sql injection7.3Dec 8, 2025
• CVE-2025-14250code-projects Online Ordering System user_contact.php sql injection7.3Dec 8, 2025
• CVE-2025-14249code-projects Online Ordering System user_school.php sql injection7.3Dec 8, 2025
• CVE-2025-8256code-projects Online Ordering System product.php unrestricted upload6.3Jul 28, 2025
• CVE-2025-8248code-projects Online Ordering System signup.php sql injection7.3Jul 28, 2025
• CVE-2025-8236code-projects Online Ordering System edit_product.php sql injection7.3Jul 27, 2025
• CVE-2025-8235code-projects Online Ordering System product.php sql injection7.3Jul 27, 2025
• CVE-2025-8234code-projects Online Ordering System delete_member.php sql injection7.3Jul 27, 2025
• CVE-2025-8233code-projects Online Ordering System user.php sql injection7.3Jul 27, 2025
• CVE-2025-8232code-projects Online Ordering System delete_user.php sql injection7.3Jul 27, 2025
• CVE-2025-7755code-projects Online Ordering System edit_product.php unrestricted upload6.3Jul 17, 2025
• CVE-2024-7488Business Logic Error in RestApp Inc.'s Online Ordering System5.3Dec 4, 2024
• CVE-2022-36581Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.7.5Aug 31, 2022
• CVE-2022-36580An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.7.2Aug 31, 2022