CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12333 – WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12333
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. El tema Woodmart para WordPress es vulnerable a la ejecución arbitraria de códigos cortos en todas las versiones hasta la 8.0.3 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acción que no valida correctamente un valor antes de ejecutar do_shortcode a través de la acción AJAX woodmart_instagram_ajax_query. • https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 https://www.wordfence.com/threat-intel/vulnerabilities/id/1caa8baa-0783-4bc9-af03-46a3a2cf3538?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41872 – WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41872
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Xtemos WoodMart en versiones <= 7.2.4. The WoodMart theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32242 – WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32242
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. Vulnerabilidad de deserialización de datos no confiables en xtemos WoodMart - Multipurpose WooCommerce Theme. Este problema afecta a WoodMart - Multipurpose WooCommerce Theme: desde n/a hasta 1.0.36. The Woodmart Core plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.36 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32239 – WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32239
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions. The WoodMart theme for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32500 – WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32500
Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en xtemos WoodMart - Multipurpose WooCommerce Theme en versiones <= 7.1.1. The Woodmart theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to modify the plugin's license via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •