Lucene search
K

159 matches found

WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.23 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF

The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack...

5.4CVSS5.6AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/30 12:0 a.m.28 views

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Rule Type Migration discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest...

5.4CVSS3.8AI score0.00243EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/30 12:0 a.m.26 views

Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF

The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack...

5.4CVSS5AI score0.00243EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/30 12:0 a.m.29 views

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Import was discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the...

5.4CVSS3.8AI score0.00277EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/09/28 12:0 a.m.18 views

WordPress AlgolPlus Advanced Dynamic Pricing for WooCommerce Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

5.4CVSS4.7AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2022/09/23 2:15 p.m.5 views

CVE-2022-38095

Cross-Site Request Forgery CSRF vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin = 4.1.3 at WordPress...

4.3CVSS5.8AI score0.00269EPSS
Exploits0References2
Prion
Prion
added 2022/09/23 2:15 p.m.20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin = 4.1.3 at WordPress...

4.3CVSS4.8AI score0.00269EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/23 1:41 p.m.82 views

CVE-2022-38095

The CVE-2022-38095 entry concerns the WordPress plugin AlgolPlus Advanced Dynamic Pricing for WooCommerce (versions ≤ 4.1.3). Connected sources indicate a Cross-Site Request Forgery (CSRF) vulnerability arising from insufficient verification when updating settings, enabling actions authenticated ...

5.4CVSS4.8AI score0.00269EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.5 views

WordPress plugin AlgolPlus Advanced Dynamic Pricing for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

5.4CVSS6.7AI score0.00269EPSS
Exploits0References3
Patchstack
Patchstack
added 2022/09/14 12:0 a.m.28 views

WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.3 Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the lates...

5.4CVSS3.8AI score0.00269EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/14 12:0 a.m.16 views

Advanced Dynamic Pricing for WooCommerce < 4.1.4 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS4.8AI score0.00269EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.8 views

WordPress plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.00313EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.6 views

WordPress WooCommerce Dynamic Pricing and Discount Rules plugin <= 2.2.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Dynamic Pricing and Discount Rules plugin versions = 2.2.2. Solution Update the WordPress WooCommerce Dynamic Pricing and Discount Rules plugin to the latest available version at least 2.2.3...

2.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress WooCommerce Dynamic Pricing and Discount Rules plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WooCommerce Dynamic Pricing and Discount Rules plugin versions = 2.2.2. Solution Update the WordPress WooCommerce Dynamic Pricing and Discount Rules plugin to the latest available version at least 2.2....

4.1AI score
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2021/09/13 6:8 p.m.33 views

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...

7.3AI score
Exploits0References8
wpexploit
wpexploit
added 2021/08/31 12:0 a.m.101 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...

2.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.10 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Import to Stored XSS

The plugin does not have authorisation and CSRF checks on its import feature, nor sanitise or escape the imported settings. This could allow unauthenticated users to import arbitrary settings, and perform Stored Cross-Site Scripting attacks as well. Please note that v2.4.2 is still missing a CSRF...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.13 views

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. PoC https://example.com/?rpwcdpdexportsettings=1...

1.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/08/31 12:0 a.m.12 views

WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Import and Stored XSS vulnerability

Unauthenticated Settings Import and Stored XSS vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions = 2.4.1. Solution Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available...

2.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder