CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52379 – WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52379
Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8. The kineticPay for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52395 – WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-52395
Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8. The Floating Buttons for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.8.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/shop-assistant-for-woocommerce-jarvis/wordpress-floating-buttons-for-woocommerce-plugin-2-8-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51784 – WordPress FriendStore for WooCommerce plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51784
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through 1.4.2. The FriendStore for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/friendstore-for-woocommerce/wordpress-friendstore-for-woocommerce-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51693 – WordPress Search order by product SKU for WooCommerce plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51693
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in laboratorio d’Avanguardia Search order by product SKU for WooCommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through 0.2. The Search order by product SKU for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/search-order-by-product-sku-for-woocommerce/wordpress-search-order-by-product-sku-for-woocommerce-plugin-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50421 – WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50421
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. La vulnerabilidad de autorización faltante en WP Overnight WooCommerce PDF Invoices & Packing Slips permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WooCommerce PDF Invoices & Packing Slips: desde n/a hasta 3.8.6. The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.8.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-pdf-invoices-packing-slips/wordpress-pdf-invoices-packing-slips-for-woocommerce-plugin-3-8-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •