159 matches found
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF
The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Rule Type Migration discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the latest...
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF
The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Plugin Settings Import was discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.5. Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the...
WordPress AlgolPlus Advanced Dynamic Pricing for WooCommerce Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-38095
Cross-Site Request Forgery CSRF vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin = 4.1.3 at WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin = 4.1.3 at WordPress...
CVE-2022-38095
The CVE-2022-38095 entry concerns the WordPress plugin AlgolPlus Advanced Dynamic Pricing for WooCommerce (versions ≤ 4.1.3). Connected sources indicate a Cross-Site Request Forgery (CSRF) vulnerability arising from insufficient verification when updating settings, enabling actions authenticated ...
WordPress plugin AlgolPlus Advanced Dynamic Pricing for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Muhammad Daffa Patchstack Alliance in WordPress Advanced Dynamic Pricing for WooCommerce plugin versions = 4.1.3 Solution Update the WordPress Advanced Dynamic Pricing for WooCommerce plugin to the lates...
Advanced Dynamic Pricing for WooCommerce < 4.1.4 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress WooCommerce Dynamic Pricing and Discount Rules plugin <= 2.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Dynamic Pricing and Discount Rules plugin versions = 2.2.2. Solution Update the WordPress WooCommerce Dynamic Pricing and Discount Rules plugin to the latest available version at least 2.2.3...
WordPress WooCommerce Dynamic Pricing and Discount Rules plugin <= 2.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WooCommerce Dynamic Pricing and Discount Rules plugin versions = 2.2.2. Solution Update the WordPress WooCommerce Dynamic Pricing and Discount Rules plugin to the latest available version at least 2.2....
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export
The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. https://example.com/?rpwcdpdexportsettings=1...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Import to Stored XSS
The plugin does not have authorisation and CSRF checks on its import feature, nor sanitise or escape the imported settings. This could allow unauthenticated users to import arbitrary settings, and perform Stored Cross-Site Scripting attacks as well. Please note that v2.4.2 is still missing a CSRF...
WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export
The plugin does not have authorisation check on its export feature, allowing unauthenticated users to export them. PoC https://example.com/?rpwcdpdexportsettings=1...
WordPress WooCommerce Dynamic Pricing & Discounts premium plugin <= 2.4.1 - Unauthenticated Settings Import and Stored XSS vulnerability
Unauthenticated Settings Import and Stored XSS vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WooCommerce Dynamic Pricing & Discounts premium plugin versions = 2.4.1. Solution Update the WordPress WooCommerce Dynamic Pricing & Discounts premium plugin to the latest available...