78 matches found
WordPress Checkout Field Editor Plugin < 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Checkout Field Editor Type Plugin Vulnerable versions 1.7.5 Fixed in 1.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c60f262bf8c6 Credits foobar7 Required privilege...
Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF
Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack input type="hidden" name="fieldvalidation1" value="req...
Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF
Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack PoC...
WordPress Checkout Field Editor (Checkout Manager) for WooCommerce Plugin < 1.8.0 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:themehigh:checkoutfieldeditorforwoocommerce"; if description...
WordPress WooCommerce Checkout Field Manager Plugin < 18.0 is vulnerable to Arbitrary File Upload
Software WooCommerce Checkout Field Manager Type Plugin Vulnerable versions 18.0 Fixed in 18.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2022-4328 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 8dcb3ac5c4ef Credits cydave Required privilege...
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328 WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...
CVE-2022-4328
The CVE-2022-4328 entry concerns the WordPress plugin WooCommerce Checkout Field Manager (before 18.0). The vulnerability arises from failure to validate uploaded files in the cfom_upload_file action, enabling unauthenticated remote arbitrary file uploads (e.g., PHP) to the server. Impact is desc...
WordPress plugin WooCommerce Checkout Field Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Social Sharing is a social sharing plugin used in it.WordPress plugin is an applicatio...
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields...
CVE-2022-3490
The Checkout Field Editor Checkout Manager for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3490
The CVE-2022-3490 entry concerns the WordPress WooCommerce plugin “Checkout Field Editor (Checkout Manager)” and affects versions prior to 1.8.0. The authenticated vulnerability arises from unserializing user input provided via the plugin settings, which an admin/high-privilege user can abuse to ...
CVE-2022-3490 Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection
The Checkout Field Editor Checkout Manager for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
WordPress plugin Checkout Field Editor for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. The WooCommerce WordPress plugin Checkout Field Editor Checkout Manager version 1.8.0 or earlier is...
WordPress Checkout Field Editor for WooCommerce plugin <= 1.7.2 - Auth PHP Object Injection vulnerability
Auth PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Checkout Field Editor for WooCommerce plugin versions = 1.7.2. Solution Update the WordPress Checkout Field Editor Checkout Manager for WooCommerce plugin to the latest available version at least 1.8.0...
Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection
The plugin unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present To simulate a gadget chain, put the following code in a plugin class Evil public function wakeup : void die"Arbitrary...
Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS
Due to a lack of CSRF mitigation and entity encoding in the ccfinsert function found on line 118 of include/ccf.php and in the output generated by template/datagrid.php, it is possible to store and execute scripts in the context of an admin user. PoC...