Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

WordPress plugin Easy PayPal Events & Tickets 信任管理问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.7CVSS5.9AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/25 12:53 a.m.7 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4CVSS6.7AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/06/23 12:15 p.m.5 views

CVE-2025-52920

Innoshop through 0.4.1 allows Insecure Direct Object Reference IDOR at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products...

6.4CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2025/06/23 12:0 a.m.15 views

CVE-2025-52920

Innoshop (v0.4.1 and earlier) is affected by an IDOR vulnerability in the frontend store. The issue allows disclosure of other customers’ PII and deletion of their product reviews by manipulating IDs in endpoints such as /en/account/orders/{ORDER_ID} and /en/account/reviews/{REVIEW_ID}, or by alt...

6.4CVSS6.2AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:53 a.m.7 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS6.4AI score0.00466EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.4 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References6
Rows per page
Query Builder