CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29794 – WordPress Conversios.io plugin <= 6.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29794
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Conversios Conversios.Io permite el XSS reflejado. Este problema afecta a Conversios.Io: desde n/a hasta 6.9.1. The Conversios.io plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 6.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51357 – Conversios.io <= 6.5.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-51357
The Conversios.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the conversios-productsync/v1/cron-productsync REST API endpoint in versions up to, and including, 6.5.0. This makes it possible for unauthenticated attackers to trigger a product sync. • CWE-862: Missing Authorization •