Lucene search
K

117 matches found

Patchstack
Patchstack
added 2023/01/27 12:0 a.m.10 views

WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce PDF Invoices & Packing Slips Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47148 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 00a0d1fb8074...

4.3CVSS6.7AI score0.00231EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2022/10/05 12:0 a.m.10 views

WordPress WooCommerce PDF Invoices & Packing Slips Plugin < 2.16.0 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.4AI score0.0068EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2022/10/04 12:0 a.m.20 views

WordPress WooCommerce PDF Invoices & Packing Slips Plugin < 2.10.5 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.8CVSS5.5AI score0.01188EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2022/10/04 12:0 a.m.16 views

WordPress WooCommerce PDF Invoices & Packing Slips Plugin 2.14.x < 3.0.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpovernight:woocommercepdfinvoices%26packingslips";...

5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/29 6:15 p.m.4 views

CVE-2022-2537

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.0055EPSS
Exploits2References2
NVD
NVD
added 2022/08/29 6:15 p.m.38 views

CVE-2022-2537

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...

6.1CVSS0.0055EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/08/29 5:15 p.m.37 views

CVE-2022-2537 WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...

6.3AI score0.0055EPSS
Exploits2References1
CVE
CVE
added 2022/08/29 5:15 p.m.115 views

CVE-2022-2537

The CVE-2022-2537 issue affects the WordPress plugin WooCommerce PDF Invoices & Packing Slips prior to version 3.0.1. The vulnerability is Reflected Cross-Site Scripting (XSS) caused by not sanitising and escaping certain parameters before outputting them back into an admin page attribute. Affect...

6.1CVSS6.1AI score0.0055EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.6 views

WordPress plugin WooCommerce PDF Invoices & Packing Slips 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. A cross-site scripting vulnerability...

6.1CVSS6.1AI score0.0055EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/08/03 12:0 a.m.18 views

WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. This is a re-introduction of CVE-2021-24991 in 2.14.0 PoC...

6.1CVSS0.5AI score0.01188EPSS
Exploits4Affected Software1
wpexploit
wpexploit
added 2022/08/03 12:0 a.m.143 views

WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. This is a re-introduction of CVE-2021-24991 in 2.14.0...

6.1CVSS1.5AI score0.01188EPSS
Exploits4
Patchstack
Patchstack
added 2022/08/03 12:0 a.m.34 views

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 3.0.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions = 3.0.0. Solution Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at least 3.0.1...

6.1CVSS3.2AI score0.0055EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2022/07/11 1:15 p.m.2 views

CVE-2022-2092

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks...

6.1CVSS5.7AI score0.0068EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/07/11 12:57 p.m.17 views

CVE-2022-2092 WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks...

6.2AI score0.0068EPSS
Exploits2References1
CVE
CVE
added 2022/07/11 12:57 p.m.58 views

CVE-2022-2092

CVE-2022-2092 affects the WooCommerce PDF Invoices & Packing Slips WordPress plugin prior to 2.16.0. The setting page fails to escape a user-supplied parameter, enabling reflected cross-site scripting attacks. Affected product is the WordPress plugin; root cause is lack of proper input escaping o...

6.1CVSS6AI score0.0068EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.4 views

WordPress plugin WooCommerce PDF Invoices & Packing Slips 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WooCommerce PDF Invoices...

6.1CVSS5.5AI score0.0068EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/06/20 12:0 a.m.13 views

WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting

The plugin doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. PoC https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS1.9AI score0.0068EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/06/20 12:0 a.m.23 views

WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 2.15.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress WooCommerce PDF Invoices & Packing Slips plugin versions = 2.15.0. Solution Update the WordPress WooCommerce PDF Invoices & Packing Slips plugin to the latest available version at lea...

6.1CVSS2.5AI score0.0068EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/06/20 12:0 a.m.164 views

WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting

The plugin doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage&preview=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22...

6.1CVSS2.4AI score0.0068EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.119 views

WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage&tab=documents&section=invoice&"alert/XSS/...

1AI score
Exploits0
Rows per page
Query Builder