CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49283 – WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49283
15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme CURCY allows Reflected XSS.This issue affects CURCY: from n/a through 2.2.3. The CURCY plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully tric... • https://patchstack.com/database/vulnerability/woo-multi-currency/wordpress-curcy-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49288 – WordPress Email Template Customizer for WooCommerce plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49288
15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. The Email Template Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9.1 due to insufficient input sanitization and output escaping. This make... • https://patchstack.com/database/vulnerability/email-template-customizer-for-woo/wordpress-email-template-customizer-for-woocommerce-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49296 – WordPress Custom Add to Cart Button Label and Link plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49296
15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. The Custom Add to Cart Button Label and Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... • https://patchstack.com/database/vulnerability/woo-custom-cart-button/wordpress-custom-add-to-cart-button-label-and-link-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47622 – WordPress Advanced Woo Labels plugin <= 2.01 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47622
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through 2.01. The Advanced Woo Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbi... • https://patchstack.com/database/vulnerability/advanced-woo-labels/wordpress-advanced-woo-labels-plugin-2-01-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47634 – WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-47634
30 Sep 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. The CartBounty – Save and recover abandoned carts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2. This is due to missing or incorrect nonce validation on a function. This make... • https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44048 – WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44048
16 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion.This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10. This makes it possible for authenticated attackers, with... • https://patchstack.com/database/vulnerability/woo-product-carousel-slider-and-grid-ultimate/wordpress-product-carousel-slider-grid-ultimate-for-woocommerce-plugin-1-9-10-authenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-43918 – WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-43918
22 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4. The WBW Product Table Pro plugin for WordPress is vulnerable to unauthorized arbitrary SQL Execution due to a missing capability check on a function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to execute arbitrary SQL queries that can be used ... • https://github.com/KTN1990/CVE-2024-43918 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43312 – WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43312
16 Aug 2024 — Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9. The WPC Frequently Bought Together for WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ajax_add_rule, ajax_add_combination, and ajax_search_term functions in versions... • https://patchstack.com/database/vulnerability/woo-bought-together/wordpress-wpc-frequently-bought-together-for-woocommerce-plugin-7-1-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43316 – WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43316
16 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. The Stripe Payments For WooCommerce by Checkout plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the verify_intent() function. This makes it possible for unauthenticated attackers to confirm orders v... • https://patchstack.com/database/vulnerability/checkout-plugins-stripe-woo/wordpress-stripe-payments-for-woocommerce-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43315 – WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-43315
16 Aug 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1. The Stripe Payments For WooCommerce by Checkout Plugins plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.1 via the verify_intent() due to missing validation on the 'order' user controlled key. This makes it possible for unauthenticat... • https://patchstack.com/database/vulnerability/checkout-plugins-stripe-woo/wordpress-stripe-payments-for-woocommerce-plugin-1-9-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •