Page 2 of 12 results (0.018 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Advanced Order Export For WooCommerce de WordPress en versiones &lt;= 3.3.2 que conduce a la descarga del archivo de exportación. The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the export download functionality. This makes it possible for unauthenticated attackers to execute this code on behalf of an administrator, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://wordpress.org/plugins/woo-order-export-lite • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin AlgolPlus Advanced Dynamic Pricing for WooCommerce versiones anteriores a 4.1.3 incluyéndola en WordPress. The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.3. This is due to missing or incorrect nonce validation on the handleSubmitAction function. This makes it possible for unauthenticated attackers to update plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado Autenticado (administrador de tienda+) en el plugin AlgolPlus Advanced Order Export For WooCommerce versiones anteriores a 3.3.1 incluyéndola, en WordPress The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘'method' parameter in versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-order-export-lite/wordpress-advanced-order-export-for-woocommerce-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability/_s_id=cve https://wordpress.org/plugins/woo-order-export-lite • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. Este plugin de WordPress Advanced Order Export For WooCommerce versiones anteriores a 3.1.8, le ayuda a exportar fácilmente los datos de pedidos de WooCommerce.&#xa0;El parámetro tab en el Admin Panel es vulnerable a un ataque de tipo XSS reflejado WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/50324 http://packetstormsecurity.com/files/164263/WordPress-Advanced-Order-Export-For-WooCommerce-3.1.7-Cross-Site-Scripting.html https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. Advanced Order Export versiones anteriores a 3.1.8, para WooCommerce permite un XSS, una vulnerabilidad diferente de CVE-2020-11727. • https://wordpress.org/plugins/woo-order-export-lite/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •