CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31100 – WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31100
29 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through 1.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Popup Cart Lite for WooCommerce de Festi-Team para WordPress. Este problema afecta a Popup Cart Lite para WooCommerce: desde n/a hasta 1.1. The Popup Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is d... • https://patchstack.com/database/vulnerability/woocommerce-woocart-popup-lite/wordpress-popup-cart-lite-for-woocommerce-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31109 – WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31109
29 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Toastie Studio Woocommerce Social Media Share Buttons permite almacenar XSS. Este problema afecta a los botones para compartir en redes sociales de WooCommerce: desde n/a hasta 1.3.0. The Woocommerce Social Media Share Buttons plugin for WordPress is ... • https://patchstack.com/database/vulnerability/woocommerce-social-media-share-buttons/wordpress-woocommerce-social-media-share-buttons-plugin-1-3-0-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30511 – WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-30511
29 Mar 2024 — Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. Inserción de información confidencial en la vulnerabilidad del archivo de registro en Frédéric GILLES FG PrestaShop a WooCommerce. Este problema afecta a FG PrestaShop a WooCommerce: desde n/a hasta 4.45.1. The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up... • https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-45-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31098 – WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31098
29 Mar 2024 — Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. Vulnerabilidad de autorización faltante en Mr.Ebabi New Order Notification for Woocommerce. Este problema afecta la notificación de nuevo pedido para Woocommerce: desde n/a hasta 2.0.2. The New Order Notification for Woocommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all ... • https://patchstack.com/database/vulnerability/new-order-notification-for-woocommerce/wordpress-new-order-notification-for-woocommerce-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30433 – WordPress MultiVendorX Marketplace plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30433
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS.This issue affects WC Marketplace: from n/a through 4.1.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en MultiVendorX WC Marketplace permite XSS almacenado. Este problema afecta a WC Marketplace: desde n/a hasta 4.1.3. The WC Marketplace plugin for WordPress is vulnerable to Stored C... • https://patchstack.com/database/vulnerability/dc-woocommerce-multi-vendor/wordpress-multivendorx-marketplace-plugin-4-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30458 – WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30458
28 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 WOOCS – WooCommerce Currency Switcher. Este problema afecta a WOOCS – WooCommerce Currency Switcher: desde n/a hasta 1.4.1.7. The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and includ... • https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30462 – WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30462
28 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). Este problema afecta a HUSKY – Filtro de productos para WooCommerce (anteriormente WOOF): desde n/a hasta 1.3.5.1. The HUSKY – Products Filter for WooCommerce (formerly ... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30469 – WordPress Wholesale For WooCommerce plugin <= 2.3.0 - Unauthenticated Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-30469
28 Mar 2024 — Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. Vulnerabilidad de autorización faltante en WPExperts Wholesale For WooCommerce. Este problema afecta a Wholesale For WooCommerce: desde n/a hasta 2.3.0. The woocommerce-wholesale-pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to extract se... • https://patchstack.com/database/vulnerability/woocommerce-wholesale-pricing/wordpress-wholesale-for-woocommerce-plugin-2-3-0-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30477 – WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30477
28 Mar 2024 — Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. Vulnerabilidad de autorización faltante en Klarna Klarna Payments para WooCommerce. Este problema afecta a Klarna Payments para WooCommerce: desde n/a hasta 3.2.4. The Klarna Payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible fo... • https://patchstack.com/database/vulnerability/klarna-payments-for-woocommerce/wordpress-klarna-payments-for-woocommerce-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30492 – WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-30492
28 Mar 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. Limitación inadecuada de un nombre de ruta a una vulnerabilidad de Restricted Directory ("Path Traversal") en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.2. The Export and Import Users and Customers plugin for WordPress i... • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •