CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37203 – WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37203
20 Jun 2024 — Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. The Laybuy Payment Extension for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.3.9. This makes it possible for authenticated attackers, with Subscriber-leve... • https://patchstack.com/database/vulnerability/laybuy-gateway-for-woocommerce/wordpress-laybuy-payment-extension-for-woocommerce-plugin-5-3-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37202 – WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Control to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-37202
20 Jun 2024 — Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS).This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16. The Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and inclu... • https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37297 – WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
https://notcve.org/view.php?id=CVE-2024-37297
10 Jun 2024 — WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. • https://developer.woocommerce.com/2024/06/10/developer-advisory-xss-vulnerability-8-8-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35698 – WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35698
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en YITH YITH WooCommerce Tab Manager permite XSS Almacenado. Este problema afecta a YITH WooCommerce Tab Manager: desde n/a hasta 1.35.0. The YITH WooC... • https://patchstack.com/database/vulnerability/yith-woocommerce-tab-manager/wordpress-yith-woocommerce-tab-manager-plugin-1-35-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34385 – WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34385
30 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en YITH YITH WooCommerce Wishlist permite XSS almacenado. Este problema afecta a YITH WooCommerce Wishlist: desde n/a hasta 3.32.0. The YITH WooCommerce W... • https://patchstack.com/database/vulnerability/yith-woocommerce-wishlist/wordpress-yith-woocommerce-wishlist-plugin-3-32-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34751 – WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-34751
14 May 2024 — Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. Vulnerabilidad de deserialización de datos no confiables en WebToffee Order Export & Order Import para WooCommerce. Este problema afecta Order Export & Order Import for WooCommerce: desde n/a hasta 2.4.9. The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection... • https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-9-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35167 – WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35167
10 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a through 1.4.8. Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce permiten almacenar XSS. Este problema afecta las plantilla... • https://patchstack.com/database/vulnerability/envo-elementor-for-woocommerce/wordpress-envo-s-elementor-templates-widgets-for-woocommerce-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34370 – WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-34370
03 May 2024 — Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. Una vulnerabilidad de gestión de privilegios incorrecta en WPFactory EAN para WooCommerce permite la escalada de privilegios. Este problema afecta a EAN para WooCommerce: desde n/a hasta 4.8.9. The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates n all versions up to, and including, 4.8.9. This is due to in... • https://patchstack.com/database/vulnerability/ean-for-woocommerce/wordpress-ean-for-woocommerce-plugin-4-8-9-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33944 – WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
https://notcve.org/view.php?id=CVE-2024-33944
30 Apr 2024 — Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. Vulnerabilidad de autorización faltante en Kestrel WooCommerce AWeber Newsletter Subscription. Este problema afecta la suscripción al boletín WooCommerce AWeber: desde n/a hasta 4.0.2. The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che... • https://patchstack.com/database/vulnerability/woocommerce-aweber-newsletter-subscription/wordpress-woocommerce-aweber-newsletter-subscription-plugin-4-0-1-unauthenticated-access-token-change-reset-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33949 – WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33949
30 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a through 2.0.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Vark Min and Max Purchase para WooCommerce permite almacenar XSS. Este problema afecta a Min y Max Purchase para WooCommerce: desde n/a hasta 2... • https://patchstack.com/database/vulnerability/min-and-max-purchase-for-woocommerce/wordpress-min-and-max-purchase-for-woocommerce-plugin-2-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •