CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39308 – WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39308
14 Dec 2021 — The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0. El plugin WooCommerce myghpay Payment Gateway de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro clientref encontrado en el archivo ~/processresponse.php que permite a atacantes inyectar scripts w... • https://plugins.trac.wordpress.org/browser/woo-myghpay-payment-gateway/trunk/processresponse.php?rev=2410420#L134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12070 – Advanced Woo Search <= 2.00 - Information Disclosure
https://notcve.org/view.php?id=CVE-2020-12070
23 Apr 2020 — The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. El plugin Advanced Woo Search versiones hasta la versión 1.99 para Wordpress, sufre de una vulnerabilidad de divulgación de información confidencial en cada petición de búsqueda ajax por medio del campo sql en el archivo includes/class-aws-search.php. • https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/1.99/includes/class-aws-search.php#L222 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10095 – woo-popup Plugin class-woo-popup-admin.php cross site scripting
https://notcve.org/view.php?id=CVE-2015-10095
21 May 2015 — A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. • https://github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •