39 matches found
CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
EUVD-2025-32606
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162
The CVE-2025-10162 issue affects the OrderConvo WordPress plugin (Admin and Customer Messages After Order for WooCommerce) prior to v14. It stems from unvalidated file paths during downloads, enabling an unauthenticated attacker to read/download arbitrary files via a path traversal attack. Result...
WordPress plugin OrderConvo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2024-31303
Malicious code in bioql PyPI...
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-33566
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...
WordPress OrderConvo plugin <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting vulnerability
Authenticated Subscriber+ Limited File Upload to Cross-Site Scripting vulnerability discovered by 1337Wannabe in WordPress Plugin OrderConvo versions = 13.2...
OrderConvo < 12.5 - Missing Authorization to Arbitrary File Upload
Description The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in all versions up to, and including, 12.4. This makes it possible for unauthenticated attacker...
CVE-2024-33566
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...
CVE-2024-33566
CVE-2024-33566 affects the Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin (OrderConvo). Public sources in connected docs confirm a Missing Authorization vulnerability that enables OS Command Injection, with the issue affecting OrderConvo versions up to 12.4. Red Hat no...
CVE-2024-33566 WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...
CVE-2024-33566 WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...
WordPress plugin OrderConvo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
Unauthenticated API Access to Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin OrderConvo versions = 12.4...
WordPress OrderConvo Plugin <= 12.4 is vulnerable to Broken Access Control
Software OrderConvo Type Plugin Vulnerable versions = 12.4 Fixed in 12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33566 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4b06d9f3f95 Credits Rafie Muhammad Patchstack Required...