CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32107 – WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32107
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en XLPlugins Finale Lite. Este problema afecta a Finale Lite: desde n/a hasta 2.18.0. The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.18.0. This is due to missing or incorrect nonce validation on the xlo_op... • https://patchstack.com/database/vulnerability/finale-woocommerce-sales-countdown-timer-discount/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-18-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31431 – WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31431
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tyche Softwares Product Input Fields for WooCommerce. Este problema afecta los campos de entrada de productos para WooCommerce: desde n/a hasta 1.7.0. The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up ... • https://patchstack.com/database/vulnerability/product-input-fields-for-woocommerce/wordpress-product-input-fields-for-woocommerce-plugin-1-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31920 – WordPress Currency per Product for WooCommerce plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31920
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tyche Softwares Currency per Product for WooCommerce. Este problema afecta la moneda por producto para WooCommerce: desde n/a hasta 1.6.0. The Currency per Product for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and incl... • https://patchstack.com/database/vulnerability/currency-per-product-for-woocommerce/wordpress-currency-per-product-for-woocommerce-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31940 – WordPress Extra Product Options Builder for WooCommerce plugin <= 1.2.104 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31940
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RedNao Extra Product Options Builder para WooCommerce. Este problema afecta al Extra Product Options Builder para WooCommerce: desde n/a hasta 1.2.104. The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Fo... • https://patchstack.com/database/vulnerability/additional-product-fields-for-woocommerce/wordpress-extra-product-options-builder-for-woocommerce-plugin-1-2-104-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31359 – WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31359
08 Apr 2024 — Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2. Vulnerabilidad de autorización faltante en Premmerce Premmerce Product Filter para WooCommerce. Este problema afecta al Premmerce Product Filter para WooCommerce: desde n/a hasta 3.7.2. The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function ... • https://patchstack.com/database/vulnerability/premmerce-woocommerce-product-filter/wordpress-premmerce-product-filter-for-woocommerce-plugin-3-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31364 – WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31364
08 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. Este problema afecta a los precios y descuentos dinámicos de ELEX WooCommerce: desde n/a hasta 2.1.2. The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Cro... • https://patchstack.com/database/vulnerability/elex-woocommerce-dynamic-pricing-and-discounts/wordpress-elex-woocommerce-dynamic-pricing-and-discounts-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22155 – WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-22155
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.5.2. The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31235 – WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31235
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WebToffee WordPress Comments Import & Export. Este problema afecta la importación y exportación de comentarios de WordPress: desde n/a hasta 2.3.5. The WordPress Comments Import & Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and... • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-comments-import-export-plugin-2-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31255 – WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31255
05 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en ELEXtensions Los precios y descuentos dinámicos de ELEX WooCommerce permiten XSS reflejado. Este problema afecta... • https://patchstack.com/database/vulnerability/elex-woocommerce-dynamic-pricing-and-discounts/wordpress-elex-woocommerce-dynamic-pricing-and-discounts-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31297 – WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability
https://notcve.org/view.php?id=CVE-2024-31297
05 Apr 2024 — Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. The Wholesale For WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to delete arbitrary posts. • https://patchstack.com/database/vulnerability/woocommerce-wholesale-pricing/wordpress-wholesale-for-woocommerce-plugin-2-3-1-unauthenticated-arbitrary-post-page-vulnerability?_s_id=cve • CWE-862: Missing Authorization •