NotCVE - vendor:"WooCommerce"

Page 6 of 297 results (0.011 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43292 – WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-43292

16 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.16. The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping.... • https://patchstack.com/database/vulnerability/envo-elementor-for-woocommerce/wordpress-envo-s-elementor-templates-widgets-for-woocommerce-plugin-1-4-16-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-39666 – WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-39666

16 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2. The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that w... • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-9-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43259 – WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability

https://notcve.org/view.php?id=CVE-2024-43259

12 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23. The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.23. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/order-export-and-more-for-woocommerce/wordpress-order-export-for-woocommerce-plugin-3-23-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43219 – WordPress Persian WooCommerce plugin <= 7.1.6 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-43219

09 Aug 2024 — Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. The Persian WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.1.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/persian-woocommerce/wordpress-persian-woocommerce-plugin-7-1-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43213 – WordPress MultiVendorX Marketplace plugin <= 4.1.17 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-43213

09 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17. The WC Marketplace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut... • https://patchstack.com/database/vulnerability/dc-woocommerce-multi-vendor/wordpress-multivendorx-marketplace-plugin-4-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43132 – WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-43132

07 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. The Docket (WooCommerce Collections / Wishlist / Watchlist) plugin for WordPress is vulnerable to SQL Injection in versions up to 1.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient pre... • https://patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43134 – WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-43134

07 Aug 2024 — Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the send_email() and remove_row() function in versions up to, and including, 2.6. This makes it possible for ... • https://patchstack.com/database/vulnerability/waitlist-woocommerce/wordpress-waitlist-woocommerce-plugin-2-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43121 – WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability

https://notcve.org/view.php?id=CVE-2024-43121

07 Aug 2024 — Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1. The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to missing option validation on the do_import_data() function in all versions up to, and including, 1.3.6.1. This makes it possible for authenticated attackers, with Shop Manager-level access and a... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-6-1-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43127 – WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.11 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-43127

07 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alg_export_filter_all_columns' parameter in versions up to, and including, 2.0.11 due to ins... • https://patchstack.com/database/vulnerability/export-woocommerce/wordpress-products-order-customers-export-for-woocommerce-plugin-2-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43131 – WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability

https://notcve.org/view.php?id=CVE-2024-43131

07 Aug 2024 — Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. The Docket (WooCommerce Collections / Wishlist / Watchlist) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 1.7.0 (exclusive). This makes it possible for unauthentica... • https://patchstack.com/database/vulnerability/woocommerce-collections/wordpress-docket-woocommerce-collections-wishlist-watchlist-plugin-1-6-6-unauthenticated-arbitrary-post-page-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •

1...4 5 6 7 8