CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7656 – Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-7656
23 Aug 2024 — The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to d... • https://www.wordfence.com/threat-intel/vulnerabilities/id/624bdb9e-6c50-4a00-9a04-1a32c938d48b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24885 – WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-24885
05 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê V?n To?n Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Lê V?n To? • https://patchstack.com/database/vulnerability/woo-vietnam-checkout/wordpress-woocommerce-vietnam-checkout-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5325 – Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2023-5325
06 Nov 2023 — The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS El complemento Woocommerce Vietnam Checkout de WordPress anterior a 2.0.6 no escapa del campo de teléfono de envío personalizado ni del formulario de pago que conduce a XSS The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom shipping phone number in all versions up to, and including, 2.0.5 due to insuf... • https://wpscan.com/vulnerability/e93841ef-e113-41d3-9fa1-b21af85bd812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46843 – WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-46843
09 Dec 2022 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions. The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘from’ and 'to' parameters in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user i... • https://patchstack.com/database/vulnerability/woo-vietnam-checkout/wordpress-woocommerce-vietnam-checkout-plugin-2-0-4-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •