CVE-2024-52395 – WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-52395
11 Nov 2024 — Missing Authorization vulnerability in QuantumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8. The Floating Buttons for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.8.8. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/shop-assistant-for-woocommerce-jarvis/wordpress-floating-buttons-for-woocommerce-plugin-2-8-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-51693 – WordPress Search order by product SKU for WooCommerce plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51693
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in laboratorio d’Avanguardia Search order by product SKU for WooCommerce allows Reflected XSS. This issue affects Search order by product SKU for WooCommerce: from n/a through 0.2. The Search order by product SKU for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes ... • https://patchstack.com/database/vulnerability/search-order-by-product-sku-for-woocommerce/wordpress-search-order-by-product-sku-for-woocommerce-plugin-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51784 – WordPress FriendStore for WooCommerce plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51784
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce allows Reflected XSS. This issue affects FriendStore for WooCommerce: from n/a through 1.4.2. The FriendStore for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar... • https://patchstack.com/database/vulnerability/friendstore-for-woocommerce/wordpress-friendstore-for-woocommerce-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50510 – WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50510
28 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For Woocommerce allows Upload a Web Shell to a Web Server. This issue affects AR For Woocommerce: from n/a through 6.2. The AR for WooCommerce plugin for WordPress is vulnerable to arbitrary file u... • https://github.com/RandomRobbieBF/CVE-2024-50510 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-50421 – WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50421
24 Oct 2024 — Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. • https://patchstack.com/database/vulnerability/woocommerce-pdf-invoices-packing-slips/wordpress-pdf-invoices-packing-slips-for-woocommerce-plugin-3-8-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-50447 – WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50447
24 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS. This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.19. The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping.... • https://patchstack.com/database/vulnerability/envo-elementor-for-woocommerce/wordpress-envo-s-elementor-templates-widgets-for-woocommerce-plugin-1-4-19-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-50448 – WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50448
24 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1. The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.14.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj... • https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-14-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49640 – WordPress ACL Floating Cart for WooCommerce plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49640
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS. This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9. The ACL Floating Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/vulnerability/acl-floating-cart-for-woocommerce/wordpress-acl-floating-cart-for-woocommerce-plugin-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49651 – WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49651
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS. This issue affects WooCommerce Maintenance Mode: from n/a through 2.0.1. The WooCommerce Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbi... • https://patchstack.com/database/vulnerability/woocommerce-maintenance-mode/wordpress-woocommerce-maintenance-mode-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-49305 – WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49305
15 Oct 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection. This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. The Email Verification for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.8.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes... • https://patchstack.com/database/vulnerability/emails-verification-for-woocommerce/wordpress-customer-email-verification-for-woocommerce-plugin-2-8-10-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')