Lucene search
K

1342 matches found

cnnvd
cnnvd
added 2026/05/13 12:0 a.m.9 views

Gerrit 安全漏洞

Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/04 8:21 p.m.5 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
nvd
nvd
added 2026/05/02 2:16 p.m.11 views

CVE-2026-3504

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS0.0026EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/02 1:26 p.m.4 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/02 1:26 p.m.37 views

CVE-2026-3504 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS0.0026EPSS
Exploits0References5
euvd
euvd
added 2026/05/02 1:26 p.m.4 views

EUVD-2026-26790

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'preparereviewsforresponse' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
cve
cve
added 2026/05/02 1:26 p.m.20 views

CVE-2026-3504

The CVE-2026-3504 entry concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. Affects all versions up to 4.3.1 via the REST endpoint /dokan/v1/stores/{id}/reviews. The root cause is that prepare_reviews_for_response includes reviewer email addresses, usernames...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Dokan: AI Powered WooCommerce Multivendor Marketplace Solution 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/02 12:0 a.m.11 views

PT-2026-36618

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/id/reviews' REST API endpoint. This is due to the 'prepare reviews for response' method...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References6
patchstack
patchstack
added 2026/05/01 9:32 a.m.6 views

WordPress Embedder for Google Reviews plugin <= 1.6.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Embedder for Google Reviews versions = 1.6.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/05/01 9:16 a.m.8 views

WordPress Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews plugin <= 3.2.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GS Testimonial Slider versions = 3.2.8...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/05/01 12:0 a.m.5 views

WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability

Unauthenticated Information Disclosure in Store Reviews REST API Endpoint vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Dokan versions = 4.3.1...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
mssecure
mssecure
added 2026/04/29 4:0 p.m.8 views

8 best practices for CISOs conducting risk reviews

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

5.7AI score
Exploits0
patchstack
patchstack
added 2026/04/16 10:46 a.m.7 views

WordPress Customer Reviews for WooCommerce plugin <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' vulnerability

Reflected Cross-Site Scripting via 'crsearch' vulnerability discovered by WordFence in WordPress Plugin Customer Reviews for WooCommerce versions = 5.101.0...

6.1CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/04/16 9:31 a.m.7 views

EUVD-2026-23207

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00328EPSS
Exploits0References3
nvd
nvd
added 2026/04/16 7:16 a.m.7 views

CVE-2026-3355

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00328EPSS
Exploits0References2
cve
cve
added 2026/04/16 6:44 a.m.16 views

CVE-2026-3355

Technical details such as affected products, versions, and impact are not provided in the Connected documents. Monitor for updates.

6.1CVSS5.9AI score0.00328EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/16 6:44 a.m.29 views

CVE-2026-3355 Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch'

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00328EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/16 6:44 a.m.7 views

CVE-2026-3355

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00328EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/16 12:0 a.m.12 views

WordPress plugin Customer Reviews for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.1CVSS5.6AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder