CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

75 matches found

NVD•added 2024/04/30 3:15 p.m.•13 views

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

7.5CVSS6.1AI score0.00986EPSS

Exploits0References2

Positive Technologies•added 2024/04/30 12:0 a.m.•6 views

PT-2024-25185 · Unknown · Fme Modules Customfields

Name of the Vulnerable Software and Affected Versions: FME Modules customfields versions 2.2.7 and before Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the "Custom Checkout Fields, Add Custom Fields to Checkout" parameter of the "ajax.php"...

7.5CVSS6.9AI score0.00986EPSS

Exploits0References6

Vulnrichment•added 2024/04/30 12:0 a.m.•15 views

CVE-2024-33274

6.7AI score0.00986EPSS

Exploits0References2

CVE•added 2024/04/30 12:0 a.m.•46 views

CVE-2024-33274

CVE-2024-33274 describes a Directory Traversal in PrestaShop’s FME Modules customfields (v2.2.7 and earlier). The vulnerability is triggered via the ajax.php endpoint’s parameter referenced as "Custom Checkout Fields, Add Custom Fields to Checkout", allowing a remote attacker to obtain sensitive ...

7.5CVSS6.3AI score0.00986EPSS

Exploits0References2

Patchstack•added 2024/04/05 8:4 a.m.•3 views

WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Flexible Checkout Fields for WooCommerce versions = 4.1.2...

8.8CVSS7AI score0.00323EPSS

Exploits0Affected Software1

WPVulnDB•added 2024/04/03 12:0 a.m.•18 views

Custom WooCommerce Checkout Fields Editor < 1.3.1 - Cross-Site Request Forgery

Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized...

4.3CVSS6.5AI score0.00212EPSS

Exploits0References1Affected Software1

NVD•added 2024/03/29 4:15 p.m.•11 views

CVE-2024-30518

Cross-Site Request Forgery CSRF vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0...

4.3CVSS4.6AI score0.00212EPSS

Exploits0References1

Vulnrichment•added 2024/03/29 3:54 p.m.•12 views

CVE-2024-30518 WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0...

4.3CVSS7AI score0.00212EPSS

Exploits0References1

CVE•added 2024/03/29 3:54 p.m.•64 views

CVE-2024-30518

Technical details about CVE-2024-30518 are not provided in the supplied documents. The data confirms a CSRF issue in ThemeLocation Custom WooCommerce Checkout Fields Editor (versions

4.3CVSS8.6AI score0.00212EPSS

Exploits0References1

CNNVD•added 2024/03/29 12:0 a.m.•3 views

WordPress Plugin Custom WooCommerce Checkout Fields Editor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin Custom WooCommerce Checkout Fields...

4.3CVSS8.2AI score0.00212EPSS

Exploits0References2

Patchstack•added 2024/03/28 12:0 a.m.•10 views

WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30518 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1753adeaf82a...

4.3CVSS6.6AI score0.00212EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/03/25 12:0 a.m.•17 views

WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1697 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 655df2bce9e7...

6.4CVSS5.6AI score0.0043EPSS

Exploits0References3Affected Software1

OSV•added 2024/03/23 2:15 a.m.•3 views

CVE-2024-1697

The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the savewcfeoptions function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.0043EPSS

Exploits0References3

NVD•added 2024/03/23 2:15 a.m.•22 views

CVE-2024-1697

6.4CVSS5.7AI score0.0043EPSS

Exploits0References3

CNNVD•added 2024/03/23 12:0 a.m.•3 views

WordPress Plugin Custom WooCommerce Checkout Fields Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS7.9AI score0.0043EPSS

Exploits0References4

Positive Technologies•added 2024/03/22 12:0 a.m.•4 views

PT-2024-18232 · WordPress · Custom Woocommerce Checkout Fields Editor

Name of the Vulnerable Software and Affected Versions: Custom WooCommerce Checkout Fields Editor plugin for WordPress versions up to, and including, 1.3.1 Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save wcfe...

6.4CVSS8.2AI score0.0043EPSS

Exploits0References9

WPVulnDB•added 2023/11/24 12:0 a.m.•6 views

Checkout Field Editor < 1.7.5 - Cross-Site Request Forgery to Checkout Fields Update

Description The Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.4. This is due to missing nonce validation when updating checkout fields. This makes it possible for unauthenticated attackers to update checkout fields via...

6.7AI score

Exploits0References1Affected Software1

WPVulnDB•added 2023/09/11 12:0 a.m.•7 views

Checkout Field Editor < 1.7.5 - Checkout Fields Update via CSRF

Description The plugin does not have CSRF check in place when updating checkout fields, which could allow attackers to make logged in users update them via a CSRF attack PoC...

6.9AI score

Exploits0References1Affected Software1

OSV•added 2023/07/31 10:15 a.m.•2 views

CVE-2022-4888

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

6.5CVSS5.8AI score0.00269EPSS

Exploits2References1

Positive Technologies•added 2023/07/31 12:0 a.m.•4 views

PT-2023-15899 · WordPress · Checkout Fields Manager +12

Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2 Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5 Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4 Custom Order Number WordPress plugin...

6.5CVSS8.8AI score0.00269EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by