CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52440 – WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-52440
Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0. Vulnerabilidad de deserialización de datos no confiables en Bueno Labs Pvt. Ltd. • https://patchstack.com/database/vulnerability/xpresslane-integration-for-woocommerce/wordpress-xpresslane-fast-checkout-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52460 – AtaraPay WooCommerce Payment Gateway <= 2.0.13 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-52460
The AtaraPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52469 – WooCommerce Price Alert <= 1.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-52469
The WooCommerce Price Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52398 – WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52398
Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI.This issue affects CDI: from n/a through 5.5.3. The CDI – Collect and Deliver Interface for Woocommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.5.3. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52379 – WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52379
Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8. The kineticPay for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •