CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37515 – WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37515
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Optemiz XPlainer - WooCommerce Product FAQ permite XSS reflejado. Este problema afecta a XPlainer - WooCommerce Product FAQ: desde n/a hasta 1.6.3. The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/faq-for-woocommerce/wordpress-xplainer-woocommerce-product-faq-woocommerce-accordion-faq-plugin-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37522 – WordPress CC & BCC for Woocommerce Order Emails plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37522
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dario Curasì CC & BCC for Woocommerce Order Emails allows Stored XSS.This issue affects CC & BCC for Woocommerce Order Emails: from n/a through 1.4.1. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Dario Curasì CC & BCC para Woocommerce Order Emails permite XSS almacenado. Este problema afecta a CC & BCC para Woocommerce Order Emails: desde n/a hasta 1.4 .1. The CC & BCC for Woocommerce Order Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/cc-bcc-for-woocommerce-order-emails/wordpress-cc-bcc-for-woocommerce-order-emails-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35777 – WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-35777
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2. Neutralización inadecuada de elementos especiales en la salida utilizados por una vulnerabilidad de componente posterior ('Injection') en Automattic WooCommerce permite la suplantación de contenido. Este problema afecta a WooCommerce: desde n/a hasta 8.9.2. The WooCommerce plugin for WordPress is vulnerable to content injection in all versions up to, and including, 8.9.2. This is due to the plugin not properly restricting/validating content. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-9-2-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37203 – Laybuy Payment Extension for WooCommerce <= 5.3.9 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-37203
The Laybuy Payment Extension for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.3.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37202 – WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Control to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-37202
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS).This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16. The Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.222.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •