CVE-2024-43259 – WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-43259
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23. The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.23. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/order-export-and-more-for-woocommerce/wordpress-order-export-for-woocommerce-plugin-3-23-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-43127 – WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43127
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alg_export_filter_all_columns' parameter in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/export-woocommerce/wordpress-products-order-customers-export-for-woocommerce-plugin-2-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-34751 – WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-34751
Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. Vulnerabilidad de deserialización de datos no confiables en WebToffee Order Export & Order Import para WooCommerce. Este problema afecta Order Export & Order Import for WooCommerce: desde n/a hasta 2.4.9. The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-9-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. Vulnerabilidad de deserialización de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2024-31235 – WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31235
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WebToffee WordPress Comments Import & Export. Este problema afecta la importación y exportación de comentarios de WordPress: desde n/a hasta 2.3.5. The WordPress Comments Import & Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.5. This is due to missing or incorrect nonce validation on the do_export() function. • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-comments-import-export-plugin-2-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •