CVE-2023-33330 – WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-33330
24 May 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.9... • https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-50-follow-up-emails-manager-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-33317 – WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33317
22 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into perf... • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33319 – WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33319
22 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.9.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an a... • https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33316 – WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-33316
22 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.40. This is due to missing or incorrect nonce validation in functions called via certain AJAX actions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site admi... • https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-33318 – WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-33318
22 May 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. The WooCommerce Follow-Up Emails plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the template editing functionality in versions up to, and including, 4.9... • https://patchstack.com/database/vulnerability/woocommerce-follow-up-emails/wordpress-woocommerce-follow-up-emails-plugin-4-9-40-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-32963 – WordPress Predictive Search for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32963
18 May 2023 — Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Predictive Search: from n/a through 5.8.0. The WooCommerce Predictive Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing nonce check on multiple AJAX sync functions in versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to sync various produ... • https://patchstack.com/database/wordpress/plugin/woocommerce-predictive-search/vulnerability/wordpress-predictive-search-for-woocommerce-plugin-5-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVE-2023-32743 – WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-32743
15 May 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1. The AutomateWoo plugin for WordPress is vulnerable to SQL Injection via bulk actions in versions up to, and including, 5.7.1... • https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-1-shop-manager-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-32802 – WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32802
15 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. The WooCommerce Pre-Orders plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.0 due to insufficient input sanit... • https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32744 – WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32744
15 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. The WooCommerce Product Recommendations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.3.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to inv... • https://patchstack.com/database/vulnerability/woocommerce-product-recommendations/wordpress-woocommerce-product-recommendations-plugin-2-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32745 – WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32745
15 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. The AutomateWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged r... • https://patchstack.com/database/vulnerability/automatewoo/wordpress-automatewoo-plugin-5-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •