3 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-25077 – Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2021-25077

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting El plugin Store Toolkit for WooCommerce de WordPress versiones anteriores a 2.3.2, no sanea y escapa del parámetro tab antes de devolverlo a una página de administración en un mensaje de error, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2654503 https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10923 – Store Toolkit for WooCommerce <= 1.5.7 - Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-10923

The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. El plugin woocommerce-store-toolkit anterior de la versión 1.5.8 para WordPress tiene escalada de privilegios. The Store Toolkit for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.7. This is due to improper privilege management. This makes it possible for authenticated attackers to bypass capability checks. • https://wordpress.org/plugins/woocommerce-store-toolkit/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-10922 – Store Toolkit for WooCommerce <= 1.5.6 - Missing Authorization

https://notcve.org/view.php?id=CVE-2016-10922

The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. El plugin woocommerce-store-toolkit anterior de la versión 1.5.7 para WordPress tiene escalada de privilegios. The Store Toolkit for WooCommerce plugin for WordPress is vulnerable to missing authorization checks on the woo_st_admin_init() function in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to gain access to restricted administrative actions and delete several different types of site content. • https://wordpress.org/plugins/woocommerce-store-toolkit/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •