CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4489 – WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2022-4489
The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. The HUSKY plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.1 via deserialization of untrusted input in the get_all_options function. This allows authenticated attackers with administrator-level privileges to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://wpscan.com/vulnerability/067573f2-b1e6-49a9-8c5b-f91e3b9d722f • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-4431 – WOOCS < 1.3.9.4 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4431
The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento WOOCS de WordPress anterior a 1.3.9.4 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de cross site scripting almacenado que podrían usarse contra usuarios con privilegios elevados, como administradores. The WOOCS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 1.3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/860b882b-983c-44b5-8c09-b6890df8a0da https://wpscan.com/vulnerability/c7d12fd4-7346-4727-9f6c-7e7e5524a932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2022-4063 – InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
https://notcve.org/view.php?id=CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. El complemento de WordPress InPost Gallery anterior a 2.1.4.1 utiliza de forma insegura la función extract() de PHP al representar vistas HTML, lo que permite a los atacantes forzar la inclusión de archivos y archivos maliciosos. URL, que pueden permitirles ejecutar código en servidores. The InPost Gallery Plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.4 via the popup_shortcode_key parameter. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1916 – Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2022-1916
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting El plugin Active Products Tables for WooCommerce. Professional products tables for WooCommerce store de Wordpress versiones anteriores a 1.0.5, no sanea y escapa de un parámetro antes de devolverlo en la respuesta de una acción AJAX (disponible tanto para usuarios no autenticados como autenticados), conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/d16a0c3d-4318-4ecd-9e65-fc4165af8808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0234 – WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting El plugin WOOCS de WordPress versiones anteriores a 1.3.7.5 no sanea ni escapa del parámetro woocs_in_order_currency de la acción AJAX woocs_get_products_price_html (disponible tanto para usuarios autenticados como no autenticados) antes de devolverlo a la respuesta, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2659191 https://wpscan.com/vulnerability/fd568a1f-bd51-41bb-960d-f8573b84527b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •