Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2025/10/07 6:0 a.m.7 views

CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...

6.5AI score0.03632EPSS
Exploits4References1
Cvelist
Cvelist
added 2025/10/07 6:0 a.m.113 views

CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...

0.03632EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/07 6:0 a.m.7 views

EUVD-2025-32606

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...

7.5CVSS6.4AI score0.03632EPSS
Exploits4References3
CVE
CVE
added 2025/10/07 6:0 a.m.47 views

CVE-2025-10162

The CVE-2025-10162 issue affects the OrderConvo WordPress plugin (Admin and Customer Messages After Order for WooCommerce) prior to v14. It stems from unvalidated file paths during downloads, enabling an unauthenticated attacker to read/download arbitrary files via a path traversal attack. Result...

7.5CVSS6.5AI score0.03632EPSS
Exploits4References1
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.7 views

WordPress plugin OrderConvo 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.5CVSS6.6AI score0.03632EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31303

Malicious code in bioql PyPI...

10CVSS6.5AI score0.01071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.5 views

CVE-2024-13355

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS7AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:48 a.m.5 views

CVE-2024-33566

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...

10CVSS5.2AI score0.01071EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 10:15 a.m.13 views

CVE-2024-13355

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.5 views

WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...

5.4CVSS8.3AI score0.00357EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/15 9:42 p.m.3 views

WordPress OrderConvo plugin <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting vulnerability

Authenticated Subscriber+ Limited File Upload to Cross-Site Scripting vulnerability discovered by 1337Wannabe in WordPress Plugin OrderConvo versions = 13.2...

5.4CVSS6.3AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

OrderConvo < 12.5 - Missing Authorization to Arbitrary File Upload

Description The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in all versions up to, and including, 12.4. This makes it possible for unauthenticated attacker...

10CVSS8.2AI score0.01071EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/29 8:15 a.m.15 views

CVE-2024-33566

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...

10CVSS9.6AI score0.01071EPSS
Exploits0References1
CVE
CVE
added 2024/04/29 7:58 a.m.90 views

CVE-2024-33566

CVE-2024-33566 affects the Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin (OrderConvo). Public sources in connected docs confirm a Missing Authorization vulnerability that enables OS Command Injection, with the issue affecting OrderConvo versions up to 12.4. Red Hat no...

10CVSS5.2AI score0.01071EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/29 7:58 a.m.11 views

CVE-2024-33566 WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...

10CVSS7AI score0.01071EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/29 7:58 a.m.23 views

CVE-2024-33566 WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4...

10CVSS9.8AI score0.01071EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.3 views

WordPress plugin OrderConvo 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

10CVSS6.7AI score0.01071EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/25 1:17 p.m.4 views

WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

Unauthenticated API Access to Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin OrderConvo versions = 12.4...

10CVSS7AI score0.01071EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.15 views

WordPress OrderConvo Plugin <= 12.4 is vulnerable to Broken Access Control

Software OrderConvo Type Plugin Vulnerable versions = 12.4 Fixed in 12.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-33566 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c4b06d9f3f95 Credits Rafie Muhammad Patchstack Required...

10CVSS6.5AI score0.01071EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder