CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32795 – WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32795
Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. Vulnerabilidad de deserialización de datos no confiables en WooCommerce Product Add-Ons. Este problema afecta a Product Add-Ons: desde n/a hasta 6.1.3. The WooCommerce Product Add-ons plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.1.3 via deserialization of untrusted input. This allows authenticated attackers, with shop manager permissions and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32802 – WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32802
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. Existe una vulnerabilidad de XSS (Cross-Site Scripting) reflejado en el plugin WooCommerce Pre-Orders de WooCommerce que afecta a las versiones 1.9.0 e inferiores. Para explotar estar vulnerabilidad no hace falta estar autenticado. The WooCommerce Pre-Orders plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32746 – WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en el plugin WooCommerce Brands de WooCommerce, la cual afecta a las versiones 1.6.45 e inferiores. Para explotar estar vulnerabilidad hace falta estar autenticado y con permisos de colaborador o superior. The WooCommerce Brands plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '[product_brand]' shortcode in versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-45-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32793 – WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32793
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el plugin WooCommerce Pre-Orders de WooCommerce, la cual afecta a las versiones 2.0.0 e inferiores. Para explotar estar vulnerabilidad hace falta estar autenticado y tener permisos de colaborador o superior. The WooCommerce Pre-Orders plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-2-0-0-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32575 – WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32575
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Product page shipping calculator for WooCommerce de PI Websolution que afecta a las versiones 1.3.25 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Product page shipping calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.25 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •