Lucene search
K

59 matches found

Patchstack
Patchstack
added 2023/11/03 12:0 a.m.15 views

WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kadence WooCommerce Email Designer Type Plugin Vulnerable versions = 1.5.11 Fixed in 1.5.12 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47186 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7f0bae8b697 Credit...

8.8CVSS6.6AI score0.00234EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/01/02 10:15 p.m.24 views

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

8.8CVSS9AI score0.00907EPSS
Exploits2References1
OSV
OSV
added 2023/01/02 10:15 p.m.4 views

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

8.8CVSS5.8AI score0.00907EPSS
Exploits2References1
Prion
Prion
added 2023/01/02 10:15 p.m.17 views

Sql injection

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

6.5CVSS8.9AI score0.00907EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/02 9:53 p.m.63 views

CVE-2022-3860

The CVE-2022-3860 entry concerns Visual Email Designer for WooCommerce (WordPress plugin)

8.8CVSS9AI score0.00907EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/02 9:53 p.m.8 views

CVE-2022-3860 Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

9AI score0.00907EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/02 12:0 a.m.6 views

WordPress plugin Visual Email Designer for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8CVSS8.1AI score0.00907EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.7 views

PT-2023-13620 · WordPress · Visual Email Designer For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Visual Email Designer for WooCommerce WordPress plugin versions prior to 1.7.2 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL...

8.8CVSS7.9AI score0.00907EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2022/12/09 12:0 a.m.22 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. PoC action=INSERT HERE NAME OF...

8.8CVSS1.2AI score0.00907EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/09 12:0 a.m.514 views

Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author. action=INSERT HERE NAME OF...

8.8CVSS1.5AI score0.00907EPSS
Exploits2
OSV
OSV
added 2022/10/25 5:15 p.m.3 views

CVE-2022-3335

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7.2CVSS5.8AI score0.0115EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.34 views

CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7.2AI score0.0115EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.5 views

WordPress plugin Kadence WooCommerce Email Designer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.2CVSS7.2AI score0.0115EPSS
Exploits2References2
CVE
CVE
added 2022/10/25 12:0 a.m.86 views

CVE-2022-3335

The CVE-2022-3335 entry concerns the Kadence WooCommerce Email Designer WordPress plugin, affected versions prior to 1.5.7. The root cause is the unserialization of the content of an imported file, which can enable PHP object injection when an admin imports a malicious file and a suitable gadget ...

7.2CVSS7AI score0.0115EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.7 views

CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7AI score0.0115EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.11 views

PT-2022-21774 · WordPress · Kadence Woocommerce Email Designer

Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer WordPress plugin versions prior to 1.5.7 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when an admin imports a...

7.2CVSS6.9AI score0.0115EPSS
Exploits2References5
Patchstack
Patchstack
added 2022/10/03 12:0 a.m.57 views

WordPress Kadence WooCommerce Email Designer plugin <= 1.5.6 - Authenticated PHP Objection Injection vulnerability

Authenticated PHP Objection Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Kadence WooCommerce Email Designer plugin versions = 1.5.6. Solution Update the WordPress Kadence WooCommerce Email Designer plugin to the latest available version at least 1.5.7...

7.2CVSS2.9AI score0.0115EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/03 12:0 a.m.27 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...

7.2CVSS0.5AI score0.0115EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/10/03 12:0 a.m.479 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...

7.2CVSS0.2AI score0.0115EPSS
Exploits2
Rows per page
Query Builder