CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46822 – WordPress WooCommerce – Store Exporter Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-46822
Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en Visser Labs Store Exporter para WooCommerce: en los complementos Export Products, Export Orders, Export Subscriptions, and More en versiones <= 2.7.2. The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'filter' parameter in all versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woocommerce-exporter/wordpress-store-exporter-for-woocommerce-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1546 – WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin WooCommerce - Product Importer de WordPress versiones hasta 1.5.2, no sanea y escapa de los datos importados antes de devolverlos a la página, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/5ec6182c-6917-4c48-90ce-e0ebe38e7595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0149 – WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. El plugin de WordPress WooCommerce Stored Exporter anterior a la versión 2.7.1 estaba afectado por una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la página de administración de woo_ce • https://plugins.trac.wordpress.org/changeset/2654545/woocommerce-exporter https://wpscan.com/vulnerability/e47c288a-2ea3-4926-93cc-113867cbc77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25077 – Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25077
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting El plugin Store Toolkit for WooCommerce de WordPress versiones anteriores a 2.3.2, no sanea y escapa del parámetro tab antes de devolverlo a una página de administración en un mensaje de error, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2654503 https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11807 – WooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion
https://notcve.org/view.php?id=CVE-2019-11807
The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks. El plugin WooCommerce Checkout Manager en versiones anteriores a la 4.3 para WordPress, permite la eliminación de medios a través del parámetro wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load a causa de nopriv_ registration y una falta de comprobación de las capacidades. • https://wpvulndb.com/vulnerabilities/9262 https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •