77 matches found
CVE-2024-12315
The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...
CVE-2024-7386
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...
CVE-2024-7386 Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...
refunds-app.com Improper Access Control vulnerability OBB-3808991
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-45066
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...
CVE-2023-45066 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...
WordPress Plugin Export All Posts, Products, Orders, Refunds & Users Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-29385 · Unknown · Smackcoders Export All Posts
Name of the Vulnerable Software and Affected Versions: Smackcoders Export All Posts, Products, Orders, Refunds & Users versions n/a through 2.4.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data can be...
FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...
FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...
Mitigation of H-02: See comments
Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...
When user of GroupBuy is a contract, refunds will be permanently frozen.
Lines of code Vulnerability details Description claim function is used in GroupBuy to mint Raes proportional to user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...
Buys and refunds can get stuck forever if the parameters are not set sensibly in the LPDA
Lines of code Vulnerability details Impact In the LPDA contract, there is a function called getPrice which returns the price of one token by taking into account the drop in price per second of the Dutch auction. It basically calculates how much time was elapsed since the start of the sale, to...
Borrower can close non-existent credit line positions to effectively force the overall status to REPAID
Lines of code Vulnerability details The LineOfCredit.close function is used to close a credit line position. Both the lender of a specific credit position and the borrower can call this function. However, the function does not check if the given id belongs to a credit line position in the credits...
CVE-2022-39242
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
Design/Logic Flaw
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
CVE-2022-39242
CVE-2022-39242 affects Frontier, an Ethereum compatibility layer for Substrate. The root cause is that the worst-case weight was always counted as the block weight in all cases, allowing large EVM gas refunds to enable block spamming and inflate chain gas prices. The impact is limited: attack cos...
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
GHSA-V57H-6HMH-G2P4 Weight not properly refunded after EVM execution
Impact Previously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as...