210 matches found
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on...
PT-2024-12111 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...
CVE-2023-26687
CVE-2023-26687 concerns CS-Cart MultiVendor 4.16.1, where a Directory Traversal flaw in the PDF Add-on allows remote attackers to obtain sensitive information via the product_data parameter. The vulnerability affects the PDF Add-on handling of that parameter, enabling access to files/directories ...
CVE-2023-26689
Summary: CVE-2023-26689 affects CS-Cart MultiVendor 4.16.1, where an attacker can alter arbitrary user account profiles via crafted POST requests. Root cause: insufficient authorization for profile editing. Impact is high (CVE score 9.8). Remediation guidance from related sources suggests disabli...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
PT-2024-12107 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. This is a result of a File Upload vulnerability. Recommendations: For CS-Cart...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via a crafted POST request...
CVE-2023-26686
CVE-2023-26686: CS-Cart MultiVendor 4.16.1 has a file-upload vulnerability in the image upload feature used during shop customization, enabling remote attackers to execute arbitrary code. The root cause is not explicitly detailed beyond noting a file upload flaw; no exploitation specifics or mit...
CVE-2023-26690
CVE-2023-26690 affects CS-Cart MultiVendor 4.16.1. A File Upload vulnerability in the File Manager/Editor component accessible from vendor or admin menus allows remote code execution by unauthenticated/low-privileged vectors per the reported description. Multiple sources (NVD, Red Hat, CNNVD, CVE...
CVE-2023-26688
CVE-2023-26688 pertains to CS-Cart MultiVendor 4.16.1, where a Cross Site Scripting (XSS) flaw exists in the administration interface. The vulnerability is triggered via the product_data parameter in the add/edit product workflow, potentially allowing remote attackers to execute arbitrary code. T...
CVE-2024-5259
CVE-2024-5259 affects the MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress. It allows Stored XSS via the hover_animation parameter in all versions up to 4.1.11, enabling authenticated attackers with Contributor-level access or higher to inject scripts o...
CVE-2023-26525
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...
CVE-2023-34382
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...
CVE-2023-34382
The Dokan WordPress plugin (Dokan – Best WooCommerce Multivendor Marketplace Solution) is affected up to version 3.7.19. The issue is a PHP Object Injection due to insecure deserialization of untrusted data in the plugin’s codebase. This vulnerability can impact confidentiality, integrity, and av...
CVE-2023-2275
The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...