19 matches found
WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin Automated FedEx live/manual rates with shipping labels versions <= 5.1.8...
EUVD-2024-29801
Malicious code in bioql PyPI...
EUVD-2024-29802
Malicious code in bioql PyPI...
PT-2024-39436 · WordPress · Woocommerce Ups Shipping – Live Rates/Access Points
Name of the Vulnerable Software and Affected Versions: WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress versions up to, and including, 2.3.11 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete the plugin's API key due...
WordPress UPS Live Rates and Access Points plugin <= 2.3.11 - Missing Authorization to Plugin API key reset vulnerability
Missing Authorization to Plugin API key reset vulnerability discovered by Peter Thaleikis in WordPress Plugin WooCommerce UPS Shipping – Live Rates and Access Points versions <= 2.3.11...
WordPress WooCommerce UPS Shipping – Live Rates and Access Points Plugin <= 2.3.11 is vulnerable to Broken Access Control
Software: WooCommerce UPS Shipping – Live Rates and Access Points; Type: Plugin; Vulnerable versions: <= 2.3.11; Fixed in: 3.0.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9109; Patch priority: Low; CVSS severity: Low 5.4; PSID: b3cccbff59...
CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4...
CVE-2024-32811
CVE-2024-32811 affects the WordPress plugin USPS Shipping for WooCommerce – Live Rates by Octolize. It exposes sensitive information via log files when logging data (Insertion of Sensitive Information into Log File). Affected versions are from n/a through 1.9.4. CVSS v3.1 base score 5.3 (Network,...
CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4...
WordPress plugin USPS Shipping for WooCommerce - Live Rates Log Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin USPS Shipping for...
USPS Shipping for WooCommerce – Live Rates < 1.10.0 - Sensitive Information Exposure
Description The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.4 via log files. This makes it possible for unauthenticated users to extract potentially sensitive information from log files...
WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin USPS Shipping for WooCommerce – Live Rates versions <= 1.9.4...
USPS Shipping for WooCommerce – Live Rates < 1.9.3 - Cross-Site Request Forgery
Description The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attacker...
CVE-2024-31944
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4...
CVE-2024-31943
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2...
CVE-2024-31944 WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4...
WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin WooCommerce UPS Shipping – Live Rates and Access Points versions <= 2.2.4...
WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin USPS Shipping for WooCommerce – Live Rates versions <= 1.9.2...
PT-2024-24309 · Woocommerce · Woocommerce Ups Shipping – Live Rates/Access Points
Name of the Vulnerable Software and Affected Versions: WooCommerce UPS Shipping – Live Rates and Access Points versions through 2.2.4 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...