CVE-2024-30463 – WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30463
28 Mar 2024 — Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.3. The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobe_update_page_field() function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details. • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-24800 – WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-24800
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5. • https://patchstack.com/database/vulnerability/woo-product-feed-pro/wordpress-product-feed-pro-for-woocommerce-plugin-13-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27999 – WordPress Preview E-mails for WooCommerce plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27999
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS. This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1. • https://patchstack.com/database/vulnerability/woo-preview-emails/wordpress-preview-e-mails-for-woocommerce-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30200 – WordPress BEAR plugin <= 1.1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30200
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS. This issue affects BEAR: from n/a through 1.1.4.2. The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for Wor... • https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-30231 – WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-30231
26 Mar 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du... • https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-29816 – WordPress Woo Viet plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29816
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS. This issue affects Woo Viet: from n/a through 1.5.2. The Woo Viet – WooCommerce for Vietnam plugin for WordPress is vulnerable to Stored Cross-Site Scriptin... • https://patchstack.com/database/vulnerability/woo-viet/wordpress-woo-viet-plugin-1-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29125 – WordPress Coupon Affiliates plugin <= 5.12.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29125
16 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS. This issue affects Coupon Affiliates: from n/a through 5.12.7. The Coupon Affiliates plug... • https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-12-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29093 – WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-29093
15 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3. The Builder for WooCommerce reviews shortcodes – ReviewS... • https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-27971 – WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-27971
13 Mar 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10. • https://github.com/truonghuuphuc/CVE-2024-27971-Note • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-25092 – WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability
https://notcve.org/view.php?id=CVE-2024-25092
09 Feb 2024 — Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0. The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'xl_addon_installation' function in all versions up to, and including, 2.17.0. This makes it pos... • https://github.com/RandomRobbieBF/CVE-2024-25092 • CWE-862: Missing Authorization