Lucene search
K

78 matches found

Patchstack
Patchstack
added 2023/09/13 12:0 a.m.7 views

WordPress Checkout Field Editor Plugin < 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Checkout Field Editor Type Plugin Vulnerable versions 1.7.5 Fixed in 1.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c60f262bf8c6 Credits foobar7 Required privilege...

7AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2023/09/11 12:0 a.m.121 views

Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF

Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack input type="hidden" name="fieldvalidation1" value="req...

7.1AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/09/11 12:0 a.m.7 views

Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF

Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack PoC...

6.9AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2023/08/02 12:0 a.m.12 views

WordPress Checkout Field Editor (Checkout Manager) for WooCommerce Plugin < 1.8.0 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:themehigh:checkoutfieldeditorforwoocommerce"; if description...

7.2CVSS7AI score0.01141EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/03/07 12:0 a.m.14 views

WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload

Software WooCommerce Checkout Field Manager Type Plugin Vulnerable versions 18.0 Fixed in 18.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-4328 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8dcb3ac5c4ef Credits cydave Required privilege...

9.8CVSS6.8AI score0.04427EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2023/03/06 2:15 p.m.3 views

CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.8CVSS5.9AI score0.04427EPSS
Exploits2References1
NVD
NVD
added 2023/03/06 2:15 p.m.20 views

CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.8CVSS9.7AI score0.04427EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/06 1:34 p.m.18 views

CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

9.9AI score0.04427EPSS
Exploits2References1
CVE
CVE
added 2023/03/06 1:34 p.m.102 views

CVE-2022-4328

The CVE-2022-4328 entry concerns the WordPress plugin WooCommerce Checkout Field Manager (before 18.0). The vulnerability arises from failure to validate uploaded files in the cfom_upload_file action, enabling unauthenticated remote arbitrary file uploads (e.g., PHP) to the server. Impact is desc...

9.8CVSS9.7AI score0.04427EPSS
In wildExploits2References1Affected Software1
CNNVD
CNNVD
added 2023/03/06 12:0 a.m.5 views

WordPress plugin WooCommerce Checkout Field Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Social Sharing is a social sharing plugin used in it.WordPress plugin is an applicatio...

9.8CVSS8.6AI score0.04427EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/02/13 12:0 a.m.44 views

WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload

The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields...

9.8CVSS9.4AI score0.04427EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/11/28 2:15 p.m.5 views

CVE-2022-3490

The Checkout Field Editor Checkout Manager for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS5.8AI score0.01141EPSS
Exploits2References1
CVE
CVE
added 2022/11/28 1:47 p.m.61 views

CVE-2022-3490

The CVE-2022-3490 entry concerns the WordPress WooCommerce plugin “Checkout Field Editor (Checkout Manager)” and affects versions prior to 1.8.0. The authenticated vulnerability arises from unserializing user input provided via the plugin settings, which an admin/high-privilege user can abuse to ...

7.2CVSS7AI score0.01141EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/28 1:47 p.m.9 views

CVE-2022-3490 Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The Checkout Field Editor Checkout Manager for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.3AI score0.01141EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.5 views

WordPress plugin Checkout Field Editor for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WooCommerce WordPress plugin Checkout Field Editor Checkout Manager version 1.8.0 or earlier is...

7.2CVSS7.1AI score0.01141EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/11/07 12:0 a.m.22 views

WordPress Checkout Field Editor for WooCommerce plugin <= 1.7.2 - Auth PHP Object Injection vulnerability

Auth PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Checkout Field Editor for WooCommerce plugin versions = 1.7.2. Solution Update the WordPress Checkout Field Editor Checkout Manager for WooCommerce plugin to the latest available version at least 1.8.0...

3AI score0.01141EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/11/07 12:0 a.m.188 views

Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void die"Arbitrary...

7.2CVSS1.1AI score0.01141EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2016/07/26 12:0 a.m.12 views

Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS

Due to a lack of CSRF mitigation and entity encoding in the ccfinsert function found on line 118 of include/ccf.php and in the output generated by template/datagrid.php, it is possible to store and execute scripts in the context of an admin user. PoC...

1.3AI score
Exploits0References3Affected Software1
Rows per page
Query Builder