57 matches found
WordPress Posti Shipping Plugin <= 3.10.2 is vulnerable to Full Path Disclosure (FPD)
Software Posti Shipping Type Plugin Vulnerable versions = 3.10.2 Fixed in 3.10.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Full Path Disclosure FPD CVE CVE-2024-50512 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f13c6383cb59 Credits Fariq Fadillah Gusti...
PT-2024-39436 · WordPress · Woocommerce Ups Shipping – Live Rates/Access Points
Name of the Vulnerable Software and Affected Versions: WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress versions up to, and including, 2.3.11 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete the plugin's API key due...
CVE-2024-9237
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for...
WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability
Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...
WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin USPS Shipping for WooCommerce – Live Rates versions = 1.9.4...
WordPress Flexible Shipping Plugin <= 4.24.15 is vulnerable to Broken Access Control
Software Flexible Shipping Type Plugin Vulnerable versions = 4.24.15 Fixed in 4.24.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32828 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049558da37db Credits Dhabaleshwar Das Requir...
CVE-2023-45761
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Joovii Sendle Shipping Plugin plugin = 5.13 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Joovii Sendle Shipping Plugin plugin = 5.13 versions...
WordPress Plugin Sendle Shipping Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-45761
CVE-2023-45761 is an unauthenticated Reflected Cross-Site Scripting (XSS) flaw affecting the Joovii Sendle Shipping Plugin for WordPress (Sendle Shipping Plugin) versions <= 5.13. Public sources describe an XSS vulnerability that can be triggered without authentication, with CVSS guidance rang...
WordPress Mojito Shipping Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Mojito Shipping Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 836e46da79bb Credits Rafie Muhammad Patchstack Required...
CVE-2023-34015
Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...
CVE-2023-34015
CVE-2023-34015 concerns the WordPress plugin “Advanced Flat rate shipping Woocommerce” (part of the PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce) with a Cross-Site Request Forgery (CSRF) vulnerability. Technical details available in c...
Advanced Flat rate shipping Woocommerce < 1.6.4.6 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin = 2.3.1 leading to activation/deactivation of plugin rulesets...
Conditional Shipping for WooCommerce < 2.3.2 - Ruleset Toggle via CSRF
The plugin does not have CSRF check when toggling ruleset, which could allow attackers to make logged in users with the managewoocommerce capability perform such action via a CSRF attack...
CVE-2022-4000
The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...