CVE-2022-41623 – WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2022-41623
12 Oct 2022 — Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
A Sensitive Data Exposure in the Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin, versions up to and including 1.1.0, on WordPress.
The AliExpress Dropshipping and Fulfillment for WooCommerce Premium plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 1.1.0. This could allo...
• https://patchstack.com/database/vulnerability/woocommerce-alidropship/wordpress-ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-plugin-1-1-0-sensitive-data-exposure?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-202: Exposure of Sensitive Information Through Data Queries
CVE-2022-1037 – EXMAGE < 1.0.7 - Admin+ Blind SSRF
https://notcve.org/view.php?id=CVE-2022-1037
14 Apr 2022 — The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs.
The EXMAGE WordPress plugin, versions before 1.0.7, does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue when local URLs are used.
• https://wpscan.com/vulnerability/bd8555bd-8086-41d0-a1f7-3557bc3af957
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-25062 – Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25062
27 Dec 2021 — The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
The Orders Tracking for WooCommerce WordPress plugin, versions before 1.1.10, does not sanitise and escape file_url before returning it to an admin page, leading to a Reflected Cross-Site Scripting issue.
• https://plugins.trac.wordpress.org/changeset/2643807
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4379 – WooCommerce Multi Currency <= 2.1.17 - Missing Authorization
https://notcve.org/view.php?id=CVE-2021-4379
13 Sep 2021 — The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.
• https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin
• CWE-862: Missing Authorization
CVE-2021-4395 – Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4395
05 Jul 2021 — The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks
• CWE-352: Cross-Site Request Forgery (CSRF)