21 matches found
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
EUVD-2021-11974
Malware in sbrugna...
EUVD-2023-54090
Malicious code in bioql PyPI...
CVE-2024-4039
The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running doshortcode...
WordPress plugin The Orders Tracking for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-4039
CVE-2024-4039 affects Orders Tracking for WooCommerce (WordPress). Unauthenticated attackers can exploit arbitrary shortcode execution via an action that calls do_shortcode without proper validation, impacting all versions up to 1.2.10. A partial patch arrived in 1.2.10 and a full patch in 1.2.11...
CVE-2024-4039 Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution
The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running doshortcode...
WordPress Orders Tracking for WooCommerce plugin <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Orders Tracking for WooCommerce versions = 1.2.10...
PT-2024-28822 · WordPress · Orders Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Orders Tracking for WooCommerce plugin for WordPress versions up to 1.2.10 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the plugin not properly validating a value before running do...
WordPress Orders Tracking for WooCommerce Plugin <= 1.2.10 is vulnerable to Broken Access Control
Software Orders Tracking for WooCommerce Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4039 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID da05ab03734d Credits...
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216 Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216
CVE-2023-4216 relates to the WordPress plugin Orders Tracking for WooCommerce (admin-facing) prior to version 1.2.6. The vulnerability stems from inadequate validation of the file_url parameter during CSV import, enabling a high-privilege administrator (manage_woocommerce) to perform a directory ...
PT-2023-28284 · WordPress · Orders Tracking For Woocommerce
Name of the Vulnerable Software and Affected Versions: Orders Tracking for WooCommerce WordPress plugin version 1.2.5 and earlier Description: The issue allows high privilege users with the manage woocommerce capability to access any file on the web server via a Traversal attack when importing a...
WordPress plugin Orders Tracking for WooCommerce path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability in the...
WordPress Orders Tracking for WooCommerce Plugin < 1.2.6 is vulnerable to Directory Traversal
Software Orders Tracking for WooCommerce Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-4216 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID bbc237527e13 Credits Utkarsh Agrawal Required...
CVE-2021-25062
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the fileurl before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25062
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the fileurl before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25062
CVE-2021-25062 affects the Orders Tracking for WooCommerce WordPress plugin prior to 1.1.10. The vulnerability stems from insufficient sanitisation/escaping of the file_url in admin-page output, enabling Reflected Cross-Site Scripting. Impact is client-side script execution within the admin conte...