20 matches found
EUVD-2022-50349
Malicious code in bioql PyPI...
CVE-2024-6687
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...
CVE-2022-47589
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions...
CVE-2024-6478
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite se...
CVE-2024-6478
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite se...
CVE-2024-6478
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite se...
CVE-2024-6478 CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite se...
CVE-2024-6478
The CVE-2024-6478 entry covers the WordPress plugin “CTT Expresso para WooCommerce” prior to version 3.2.13. The issue arises from insufficient sanitisation/escaping of certain settings, allowing high-privilege users (e.g., admins) to perform Stored XSS, even when unfiltered_html is disallowed (s...
CVE-2024-6478 CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS
The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite se...
PT-2025-21482 · WordPress · Ctt Expresso Para Woocommerce
Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce WordPress plugin versions prior to 3.2.13
Description: The issue concerns the CTT Expresso para WooCommerce WordPress plugin, where certain settings are not properly sanitised and escaped. This could allow...
CVE-2024-6687
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...
CVE-2024-6687 CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...
CVE-2024-6687
CVE-2024-6687 affects the WordPress plugin CTT Expresso para WooCommerce (versions ≤ 3.2.12). The flaw exposes sensitive data via /wp-content/uploads/cepw, where generated .pdf and log files containing sender/receiver names, phone numbers, physical addresses, and email addresses are publicly acce...
CVE-2024-6687 CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory
The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender a...
WordPress CTT Expresso para WooCommerce Plugin <= 3.2.12 is vulnerable to Sensitive Data Exposure
Software: CTT Expresso para WooCommerce; Type: Plugin; Vulnerable versions: <= 3.2.12; Fixed in: 3.2.13; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-6687; Patch priority: Low; CVSS severity: Low (5.3); PSID: 27468c538b68; Credits: Ricardo...
WordPress plugin CTT Expresso para WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-47589
This CVE affects the WordPress plugin “CTT Expresso para WooCommerce” (vulnerable
CVE-2022-47589 WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions...
WordPress Plugin CTT Expresso para WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS)
Software: CTT Expresso para WooCommerce; Type: Plugin; Vulnerable versions: <= 3.2.11; Fixed in: 3.2.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-47589; Patch priority: Low; CVSS severity: Low (5.9); PSID: 4e6fc34224a8; Credits: Team...