
CVE-2024-2262 – WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-2262
11 Mar 2024 — Themify WordPress plugin before 1.4.4 does not have a CSRF check in its bulk action, which could allow attackers to make logged-in users delete arbitrary filters via a CSRF attack, granted they know the related filter slugs. The Themify – Wo... • https://wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-2263 – WooCommerce Product Filter < 1.4.4 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-2263
11 Mar 2024 — Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins. The Themify – WooCommerce Product Fil... • https://wpscan.com/vulnerability/ec092ed9-eb3e-40a7-a878-ab854104e290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-2278 – WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-2278
11 Mar 2024 — Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). • https://wpscan.com/vulnerability/2cbabde8-1e3e-4205-8a5c-b889447236a0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')