Page 47 of 250 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-20891

https://notcve.org/view.php?id=CVE-2019-20891

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. WooCommerce versiones anteriores a 3.6.5, cuando maneja las importaciones CSV de productos, presenta un problema de tipo cross-site request forgery (CSRF) con un cross-site scripting (XSS) almacenado resultante (Un ataque de tipo XSS) por medio del archivo includes/admin/importers/class-wc-product-csv-importer-controller.php • https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-29156 – WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter

https://notcve.org/view.php?id=CVE-2020-29156

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. El plugin WooCommerce versiones anteriores a 4.7.0 para WordPress, permite a atacantes remotos visualizar el estado de pedidos arbitrarios por medio del parámetro order_id en una acción fetch_order_status • https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-14979

https://notcve.org/view.php?id=CVE-2019-14979

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state ** EN DISPUTA ** cgi-bin / webscr? Cmd = _cart en el plugin de Gateway de pago y envío de PayPal de WooCommerce 1.6.17 para WordPress permite la manipulación de parámetros en un parámetro de cantidad (como la cantidad_1), como se demuestra comprando un artículo por un precio inferior al precio previsto NOTA: El autor del complemento declara que es cierto que la cantidad se puede manipular en el flujo de pago de PayPal. • https://gkaim.com/cve-2019-14979-vikas-chaudhary https://wordpress.org/support/topic/vulnerabilty-in-plugin/#post-11899173 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-14978 – WooCommerce PayU India <= 2.1.1 - Improper Input Validation

https://notcve.org/view.php?id=CVE-2019-14978

/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. El archivo /payu/icpcheckout/ en el plugin WooCommerce PayU India Payment Gateway versión 2.1.1 para WordPress, permite la Manipulación de Parámetros en el parámetro buyQuantity=1, como es demostrado por la compra de un artículo por un precio más bajo al previsto. • https://gkaim.com/cve-2019-14978-vikas-chaudhary https://wpvulndb.com/vulnerabilities/9959 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-14796 – Woocommerce Products Price Bulk Edit <= 2.0 - Cross-Site Scripting via show_products_page_limit parameter

https://notcve.org/view.php?id=CVE-2019-14796

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. El plugin mq-wooWordPresscommerce-products-price-bulk-edit (también se conoce como Woocommerce Products Price Bulk Edit) versión 2.0 para WordPress, permite un ataque de tipo XSS por medio del parámetro wp-admin/admin-ajax.php?action=update_options show_products_page_limit. The Woocommerce Products Price Bulk Edit plugin for WordPress is vulnerable to Cross-Site Scripting via the wp-admin/admin-ajax.php? • https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers https://wpvulndb.com/vulnerabilities/9515 https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •