CVE-2023-7151 – Product Enquiry for WooCommerce < 3.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-7151
15 Jan 2024 — The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/4992a4a9-f21a-46e2-babf-954acfc7c5b4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34015 – WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34015
02 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions. The Advanced Flat rate shipping Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4.4. This is due to missing or incorrect nonce validation on the enableDisable and deletePost functions. This makes it possible for unauthenticated attackers to enable, ... • https://patchstack.com/database/vulnerability/advanced-free-flat-shipping-woocommerce/wordpress-advanced-flat-rate-shipping-woocommerce-plugin-1-6-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-29423 – WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29423
06 Apr 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions. The Cancel order request WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a... • https://patchstack.com/database/vulnerability/cancel-order-request-woocommerce/wordpress-cancel-order-request-woocommerce-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29094 – WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29094
03 Apr 2023 — Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. The Product page shipping calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary ... • https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-20-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29170 – WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29170
03 Apr 2023 — Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web s... • https://patchstack.com/database/vulnerability/enquiry-quotation-for-woocommerce/wordpress-product-enquiry-for-woocommerce-plugin-2-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28991 – WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28991
31 Mar 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions. The Order date time for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and abov... • https://patchstack.com/database/vulnerability/pi-woocommerce-order-date-time-and-type/wordpress-order-date-time-for-woocommerce-plugin-3-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29093 – WordPress Conditional extra fees for woocommerce Plugin <= 1.0.96 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-29093
31 Mar 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions. The Conditional cart fee / Extra charge rule for WooCommerce extra fees plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.96 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and a... • https://patchstack.com/database/vulnerability/conditional-extra-fees-for-woocommerce/wordpress-conditional-extra-fees-for-woocommerce-plugin-1-0-96-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28988 – WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28988
30 Mar 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions. The Direct checkout, Add to cart redirect for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 2.1.48 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... • https://patchstack.com/database/vulnerability/add-to-cart-direct-checkout-for-woocommerce/wordpress-direct-checkout-add-to-cart-redirect-for-woocommerce-plugin-2-1-48-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-47154 – WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47154
20 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions. The CSS JS Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.49. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to create, modify, delete, and retrieve plugin resources via a forged request grant... • https://patchstack.com/database/vulnerability/css-js-manager/wordpress-css-js-manager-async-javascript-defer-render-blocking-css-supports-woocommerce-plugin-2-4-49-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3603 – Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection
https://notcve.org/view.php?id=CVE-2022-3603
03 Nov 2022 — The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection. The Export customers list csv... • https://wpscan.com/vulnerability/376e2bc7-2eb9-4e0a-809c-1582940ebdc7 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •