46 matches found
CVE-2024-6987
The CVE-2024-6987 entry concerns the Orchid Store WordPress theme. The documented root cause is a missing capability check in orchid_store_activate_plugin, enabling unauthorized data modification by authenticated users with Subscriber-level access and above to activate the Addonify Floating Cart ...
WordPress Addonify plugin <= 1.2.16 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Addonify versions <= 1.2.16...
WordPress Addonify Plugin <= 1.2.16 is vulnerable to Sensitive Data Exposure
Software: Addonify; Type: Plugin; Vulnerable versions: <= 1.2.16; Fixed in: 1.2.17; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6560; Patch priority: Low; CVSS severity: Low 5.3; PSID: d0b06da3556d; Credits: stealthcopter; Required privileg...
CVE-2024-6560
The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...
CVE-2024-6560 Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure
The Addonify – Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...
PT-2024-37717 · WordPress · Addonify – Quick View For Woocommerce
Name of the Vulnerable Software and Affected Versions: Addonify – Quick View For WooCommerce plugin for WordPress versions up to, and including, 1.2.16 Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes mobiledetect without preventing direct access...