CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30998 – WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-30998
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. Múltiples vulnerabilidades de Inyección SQL (SQLi) Autenticadas (rol de suscriptor o usuario superior) en el plugin Homepage Product Organizer for WooCommerce de WooPlugins.co versiones anteriores a 1.1 incluyéndola, en WordPress The Homepage Product Organizer for WooCommerce plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/homepage-product-organizer-for-woocommerce/wordpress-homepage-product-organizer-for-woocommerce-plugin-1-1-multiple-authenticated-sql-injection-sqli-vulnerabilities https://wordpress.org/plugins/homepage-product-organizer-for-woocommerce/#description • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1933 – CDI < 5.1.9 - Reflected Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2022-1933
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting El plugin CDI de WordPress versiones anteriores a 5.1.9, no sanea y escapa de un parámetro antes de devolverlo en la respuesta de una acción AJAX (disponible tanto para usuarios no autenticados como autenticados), conllevando a un ataque de tipo Cross-Site Scripting Reflejado CDI – Collect and Deliver Interface for Woocommerce plugin for WordPress is vulnerable to Cross-Site Scripting via multiple parameters in version up to, and including, 5.1.9. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wpscan.com/vulnerability/6cedb27f-6140-4cba-836f-63de98e521bf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2099 – WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
https://notcve.org/view.php?id=CVE-2022-2099
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles El plugin WooCommerce de WordPress versiones anteriores a 6.6.0 es vulnerable a la inyección de HTML almacenado debido a la falta de escape y sanitización en los títulos de la pasarela de pago The WooCommerce plugin for WordPress is vulnerable to Stored HTML Injection via payment gateway titles in versions up to 6.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with high-level capabilities, such as a Store Manager, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1470 – Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin Ultimate WooCommerce CSV Importer de WordPress versiones hasta 2.0, no sanea y escapa de los datos importados antes de devolverlos a la página, lo que conlleva a un Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/13bb796f-7a17-47c9-a46f-a1d6ca4b6b91 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1953 – Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2022-1953
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first El plugin Product Configurator for WooCommerce de WordPress versiones anteriores a 1.2.32, sufre una vulnerabilidad de borrado arbitrario de archivos por medio de una acción AJAX, accesible a usuarios no autenticados, que acepta la entrada del usuario que es usada en una ruta y es pasada a unlink() sin comprobación previa The Product Configurator for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletions in versions up to, and including, 1.2.31 due to insufficient file validation and file path validation on the save_image() function that uses unlink() on a user supplied file path. This function is invoked via the wp_ajax_nopriv_mkl_pc_generate_config_image AJAX action which is tied to the generate_config_image() function with no capability checks or nonce validation which makes this issue exploitable via any unauthenticated user such as subscriber, or via a Cross-Site Request Forgery. • https://wpscan.com/vulnerability/b66d6682-edbc-435f-a73a-dced32a32770 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •