CVE-2024-1687 Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...

CVE-2024-1687

CVE-2024-1687 (Thank You Page Customizer for WooCommerce – Increase Your Sales) is a WordPress plugin vulnerability reported by RH: The issue is unauthorized execution of shortcodes due to a missing capability check on get_text_editor_content() in all versions up to 1.1.2. Root cause: lack of pro...

PT-2024-18439 · WordPress · Yuki Theme

Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including 1.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the reset customizer options function. This allows unauthenticated...

PT-2024-18000 · WordPress · Yuki Theme

Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including, 1.3.13 Description: The issue allows authenticated attackers with subscriber-level access and above to reset the theme's settings due to a missing capability check on the reset customize...

WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software Thank You Page Customizer for WooCommerce – Increase Your Sales Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1686 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID...

Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Form Customizer: 1. Navigate to...

CVE-2023-48284

Cross-Site Request Forgery CSRF vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7...

CVE-2023-48284

The CVE-2023-48284 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Decorator – WooCommerce Email Customizer (versions up to 1.2.7). The underlying issue is CSRF due to insufficient anti-forgery protections (missing nonce validation) in multiple plugin act...

CVE-2023-48284 WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7...

PT-2023-30759 · Woocommerce · Decorator – Woocommerce Email Customizer

Name of the Vulnerable Software and Affected Versions: Decorator – WooCommerce Email Customizer versions 1.2.7 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Decorator – WooCommerce Email Customizer, allowing unauthorized actions. This can be exploited through Cross...

WordPress GoHero Store Customizer for WooCommerce Plugin < 2.5 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:najeebmedia:personalizedwoocommercecartpage"; if description...

Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting

Description The Permalinks Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Decorator – WooCommerce Email Customizer Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-48284 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73c25444dafc...

CVE-2023-47773

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

CVE-2023-47773

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

CVE-2023-47773 WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YAS Global Team Permalinks Customizer plugin = 2.8.2 versions...

CVE-2023-47773

CVE-2023-47773 : Reflected Cross-Site Scripting in the WordPress plugin Permalinks Customizer (YAS Global Team) versions

WordPress Plugin Permalinks Customizer Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...