CVE-2024-43271 – WordPress Widgets for WooCommerce Products on Elementor plugin <= 2.0.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43271
12 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion. This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. The Widgets for WooCommerce Products on Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to includ... • https://patchstack.com/database/vulnerability/woo-products-widgets-for-elementor/wordpress-widgets-for-woocommerce-products-on-elementor-plugin-2-0-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-38683 – WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-38683
10 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iThemelandCo WooCommerce Report allows Reflected XSS. This issue affects WooCommerce Report: from n/a through 1.4.5. The WooCommerce Report plugin for Wor... • https://patchstack.com/database/vulnerability/ithemelandco-woo-report/wordpress-woocommerce-report-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37502 – WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-37502
05 Jul 2024 — Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login. This issue affects WooCommerce Social Login: from n/a through 2.6.3. The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.3 via deserialization of untrusted input. This makes it possible ... • https://patchstack.com/database/vulnerability/woo-social-login/wordpress-social-login-wordpress-woocommerce-plugin-plugin-2-6-3-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
CVE-2024-39018
https://notcve.org/view.php?id=CVE-2024-39018
01 Jul 2024 — harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-37201 – WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37201
20 Jun 2024 — Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woocommerce Customers Order History: from n/a through 5.2.2. The Woocommerce Customers Order History plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.2.2. This makes it possible for authenticated attackers, with subscriber-level access and ab... • https://patchstack.com/database/vulnerability/woo-customers-order-history/wordpress-woocommerce-customers-order-history-plugin-5-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-35675 – WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35675
05 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS). This issue affects Advanced Woo Labels: from n/a through 1.93. The Advanced ... • https://patchstack.com/database/vulnerability/advanced-woo-labels/wordpress-advanced-woo-labels-plugin-1-93-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34763 – WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34763
16 May 2024 — Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5. The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPres... • https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-33946 – WordPress WPify Woo Czech plugin <= 4.0.10 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33946
30 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS. This issue affects WPify Woo Czech: from n/a through 4.0.10. The WPify Woo Czech plugin for WordPress is vulnerable to Refle... • https://patchstack.com/database/vulnerability/wpify-woo/wordpress-wpify-woo-czech-plugin-4-0-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32724 – WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32724
22 Apr 2024 — Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy. This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. The SharkDropship and Aff... • https://patchstack.com/database/vulnerability/woo-aliexpress-dropshipping/wordpress-sharkdropship-and-affiliate-for-aliexpress-ebay-amazon-etsy-plugin-2-1-1-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32834 – WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32834
22 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS. This issue affects WooCommerce Shipping Label: from n/a through 2.3.8. The WooCommerce Shipping... • https://patchstack.com/database/vulnerability/shipping-labels-for-woo/wordpress-woocommerce-shipping-label-plugin-2-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')