NotCVE - vendor:"Woocommerce" product:"Woocommerce" version:" >= 3.5.0

Page 3 of 13 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-20891

https://notcve.org/view.php?id=CVE-2019-20891

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. WooCommerce versiones anteriores a 3.6.5, cuando maneja las importaciones CSV de productos, presenta un problema de tipo cross-site request forgery (CSRF) con un cross-site scripting (XSS) almacenado resultante (Un ataque de tipo XSS) por medio del archivo includes/admin/importers/class-wc-product-csv-importer-controller.php • https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-29156 – WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter

https://notcve.org/view.php?id=CVE-2020-29156

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. El plugin WooCommerce versiones anteriores a 4.7.0 para WordPress, permite a atacantes remotos visualizar el estado de pedidos arbitrarios por medio del parámetro order_id en una acción fetch_order_status • https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-9168 – WooCommerce <= 3.5.4 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-9168

WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. WooCommerce, en versiones anteriores a la 3.5.5, permite Cross-Site Scripting (XSS) mediante una leyenda de Photoswipe. • https://woocommerce.wordpress.com/2019/02/20/woocommerce-3-5-5-security-fix-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3