NotCVE - vendor:"Themehigh" product:"Checkout Field Editor For Woocommerce"

3 results (0.006 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-8499 – Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice

https://notcve.org/view.php?id=CVE-2024-8499

03 Oct 2024 — The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/woo-checkout-field-editor-pro/trunk/admin/class-thwcfd-admin.php#L426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-35658 – WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

https://notcve.org/view.php?id=CVE-2024-35658

03 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en ThemeHigh Checkout Field Editor para WooCommerce (Pro) permite el uso indebido de la funcionalidad y la manipula... • https://patchstack.com/database/vulnerability/woocommerce-checkout-field-editor-pro/wordpress-checkout-field-editor-for-woocommerce-pro-plugin-3-6-2-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-3490 – Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

https://notcve.org/view.php?id=CVE-2022-3490

07 Nov 2022 — The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present El complemento Checkout Field Editor (Checkout Manager) de WooCommerce para WordPress anterior a 1.8.0 deserializa la entrada del usuario proporcionada a través de la configuración, lo que podría permitir a usuarios con privilegios elevados, como el a... • https://wpscan.com/vulnerability/0c9f22e0-1d46-4957-9ba5-5cca78861136 • CWE-502: Deserialization of Untrusted Data •