26 matches found
EUVD-2024-43809
Malicious code in bioql PyPI...
CVE-2022-4107
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...
CVE-2024-12066
The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2024-49249
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through = 2.3...
CVE-2024-49249
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through = 2.3...
CVE-2024-49249 WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3...
CVE-2024-49249
CVE-2024-49249 affects the WordPress SMSA Shipping plugin (versions
CVE-2024-49249 WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability
Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through = 2.3...
WordPress plugin SMSA Shipping 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin SMSA Shipping versions = 2.3...
CVE-2024-12066
The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2024-12066 SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion
The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2024-12066
The CVE-2024-12066 entry concerns the SMSA Shipping (official) WordPress plugin. Affected versions up to 2.2 are vulnerable due to insufficient file path validation in the smsa_delete_label() function, enabling authenticated users with Subscriber+ privileges to delete arbitrary files on the serve...
CVE-2024-12066 SMSA Shipping(official) <= 2.3 - Authenticated (Subscriber+) Arbitrary File Deletion
The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
PT-2024-17426 · WordPress · Smsa Shipping
Name of the Vulnerable Software and Affected Versions: SMSA Shipping plugin for WordPress versions up to, and including, 2.2 Description: The SMSA Shipping plugin for WordPress has a flaw in the smsa delete label function due to insufficient file path validation. This issue allows authenticated...
WordPress plugin SMSA Shipping(official) 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2022-4107
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...
CVE-2022-4107
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...
Cross site request forgery (csrf)
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...
CVE-2022-4107 SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server...