27 matches found
CVE-2023-23667
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in BeRocket Brands for WooCommerce plugin = 3.7.0.6 versions...
CVE-2023-23667
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in BeRocket Brands for WooCommerce plugin = 3.7.0.6 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in BeRocket Brands for WooCommerce plugin = 3.7.0.6 versions...
CVE-2023-23667 WordPress Brands for WooCommerce Plugin <= 3.7.0.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in BeRocket Brands for WooCommerce plugin = 3.7.0.6 versions...
CVE-2023-23667
CVE-2023-23667 affects the Brands for WooCommerce WordPress plugin. The vulnerability is a stored XSS in BeRocket Brands for WooCommerce, exploitable by an authenticated user with the Contributor role or higher, via shortcode attributes output in pages/posts. Affected versions are
VulnCheck KEV: CVE-2022-45813
BeRocket Plugins for WordPress is vulnerable to an authorization bypass in the closenotice, subscribe, disableratenotice, featurerequestsend, getpluginerrorajax, closenotice, and testkey functions which can allow user level subscribers to invoke these admin level functions...
CVE-2022-0399
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the taxcolorsettype parameter before outputting it back in the berocketaplcolorlistener AJAX action's response, leading to a Reflected Cross-Site Scripting...