Lucene search
K

77 matches found

OSV
OSV
added 2025/02/12 9:15 a.m.5 views

CVE-2024-12315

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in t...

7.5CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2024/09/25 3:15 a.m.4 views

CVE-2024-7386

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...

4.3CVSS5.6AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/25 2:4 a.m.29 views

CVE-2024-7386 Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...

4.3CVSS0.00175EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2023/12/11 1:8 a.m.3 views

refunds-app.com Improper Access Control vulnerability OBB-3808991

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
OSV
OSV
added 2023/11/30 3:15 p.m.5 views

CVE-2023-45066

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 2:43 p.m.29 views

CVE-2023-45066 WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue affects Export All Posts, Products, Orders, Refunds & Users: from n/a through 2.4.1...

5.9CVSS7.7AI score0.00531EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/30 12:0 a.m.3 views

WordPress Plugin Export All Posts, Products, Orders, Refunds & Users Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.5CVSS6.1AI score0.00531EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.4 views

PT-2023-29385 · Unknown · Smackcoders Export All Posts

Name of the Vulnerable Software and Affected Versions: Smackcoders Export All Posts, Products, Orders, Refunds & Users versions n/a through 2.4.1 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data can be...

7.5CVSS7.2AI score0.00531EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/06/03 8:5 a.m.43 views

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/03 8:5 a.m.5 views

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/01/29 12:0 a.m.15 views

Mitigation of H-02: See comments

Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.6 views

When user of GroupBuy is a contract, refunds will be permanently frozen.

Lines of code Vulnerability details Description claim function is used in GroupBuy to mint Raes proportional to user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.6 views

Buys and refunds can get stuck forever if the parameters are not set sensibly in the LPDA

Lines of code Vulnerability details Impact In the LPDA contract, there is a function called getPrice which returns the price of one token by taking into account the drop in price per second of the Dutch auction. It basically calculates how much time was elapsed since the start of the sale, to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.7 views

Borrower can close non-existent credit line positions to effectively force the overall status to REPAID

Lines of code Vulnerability details The LineOfCredit.close function is used to close a credit line position. Both the lender of a specific credit position and the borrower can call this function. However, the function does not check if the given id belongs to a credit line position in the credits...

6.7AI score
Exploits0
NVD
NVD
added 2022/09/24 2:15 a.m.27 views

CVE-2022-39242

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

5.3CVSS0.00612EPSS
Exploits0References2
Prion
Prion
added 2022/09/24 2:15 a.m.15 views

Design/Logic Flaw

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

5CVSS5.1AI score0.00612EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/09/24 1:25 a.m.67 views

CVE-2022-39242

CVE-2022-39242 affects Frontier, an Ethereum compatibility layer for Substrate. The root cause is that the worst-case weight was always counted as the block weight in all cases, allowing large EVM gas refunds to enable block spamming and inflate chain gas prices. The impact is limited: attack cos...

5.3CVSS5.1AI score0.00612EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/24 1:25 a.m.25 views

CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

5.3CVSS5.4AI score0.00612EPSS
Exploits0References2
OSV
OSV
added 2022/09/24 1:25 a.m.6 views

CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

5.3CVSS6.8AI score0.00612EPSS
Exploits0References4
OSV
OSV
added 2022/09/23 10:7 p.m.39 views

GHSA-V57H-6HMH-G2P4 Weight not properly refunded after EVM execution

Impact Previously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as...

5.3CVSS5AI score0.00612EPSS
Exploits0References4
Rows per page
Query Builder