CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30482 – WordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-30482
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado con necesidad de autenticación (permisos de contribuidor o superior) en el plugin VillaTheme WPBulky en versiones anteriores, e incluyendo la 1.0.10. The WPBulky plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization via the 'sanitize' function which does not sufficiently sanitize content that does not contain HTML tags, as well as insufficient output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wpbulky-wp-bulk-edit-post-types/wordpress-wpbulky-plugin-1-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46810 – WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46810
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. • https://patchstack.com/database/vulnerability/woo-thank-you-page-customizer/wordpress-thank-you-page-customizer-for-woocommerce-increase-your-sales-plugin-1-0-13-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46812 – WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46812
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation on the send_email function. This makes it possible for unauthenticated attackers to send emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2022-46810 may be a duplicate of this issue. • https://patchstack.com/database/vulnerability/woo-thank-you-page-customizer/wordpress-thank-you-page-customizer-for-woocommerce-increase-your-sales-plugin-1-0-13-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46806 – WordPress Cart All In One For WooCommerce Plugin <= 1.1.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-46806
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.10. This is due to missing or incorrect nonce validation on numerous functions in the 'VI_WOO_CART_ALL_IN_ONE_Frontend_Frontend' class. This makes it possible for unauthenticated attackers to get various information (such as menu cart text) and change some cart information (item quantities, adding items, applying coupons, setting display style) via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-cart-all-in-one/wordpress-cart-all-in-one-for-woocommerce-plugin-1-1-10-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44634 – WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2022-44634
Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. Vulnerabilidad de lectura de archivos arbitrarios autenticada (con permisos de admin o superiores) en el complemento S2W de Import Shopify to WooCommerce en WordPress en versiones <= 1.1.12. The S2W – Import Shopify to WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.12, via insufficient restrictions in the 'generate_log_ajax' function. This allows administrator-level attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/import-shopify-to-woocommerce/wordpress-s2w-import-shopify-to-woocommerce-plugin-1-1-12-auth-local-file-inclusion-lfi-vulnerability?_s_id=cve https://wordpress.org/plugins/import-shopify-to-woocommerce/#developers • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •