CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29773 – WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-29773
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en BizSwoop a CPF Concepts, LLC Brand BizPrint permite cross-site scripting (XSS). Este problema afecta a BizPrint: desde n/a hasta 4.5.5. The BizPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.5. This is due to missing or incorrect nonce validation in the process.php file. • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-5-5-csrf-to-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29798 – WordPress Gratisfaction plugin <= 4.3.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29798
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Appsmav Gratisfaction permite XSS almacenado. Este problema afecta a Gratisfaction: desde n/a hasta 4.3.4. The Gratisfaction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/wordpress-gratisfaction-plugin-4-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27994 – WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27994
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en YITH YITH WooCommerce Product Add-Ons permite XSS reflejado. Este problema afecta a los complementos de productos YITH WooCommerce: desde n/a hasta 4.5.0. The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27969 – WordPress Free Downloads WooCommerce plugin <= 3.5.8.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27969
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS.This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en WP Enhanced Free Downloads WooCommerce permite XSS almacenado. Este problema afecta a las descargas gratuitas de WooCommerce: desde n/a hasta 3.5.8.2. The Free Downloads WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/download-now-for-woocommerce/wordpress-free-downloads-woocommerce-plugin-3-5-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25930 – WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-25930
Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en los estados de pedidos personalizados de Nuggethon para WooCommerce. Este problema afecta a los estados de pedidos personalizados para WooCommerce: desde n/a hasta 1.5.2. The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on multiple functions. • https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •