Lucene search
K

57 matches found

Patchstack
Patchstack
added 2024/10/28 12:0 a.m.11 views

WordPress Posti Shipping Plugin <= 3.10.2 is vulnerable to Full Path Disclosure (FPD)

Software Posti Shipping Type Plugin Vulnerable versions = 3.10.2 Fixed in 3.10.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Full Path Disclosure FPD CVE CVE-2024-50512 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f13c6383cb59 Credits Fariq Fadillah Gusti...

5.3CVSS6.6AI score0.00334EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.6 views

PT-2024-39436 · WordPress · Woocommerce Ups Shipping – Live Rates/Access Points

Name of the Vulnerable Software and Affected Versions: WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress versions up to, and including, 2.3.11 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete the plugin's API key due...

4.3CVSS6.7AI score0.00386EPSS
Exploits0References7
OSV
OSV
added 2024/10/04 5:15 a.m.6 views

CVE-2024-9237

The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for...

6.1CVSS6AI score0.00363EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/08/06 7:18 a.m.2 views

WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability

Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/22 2:54 p.m.6 views

WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin USPS Shipping for WooCommerce – Live Rates versions = 1.9.4...

5.3CVSS7AI score0.00365EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.11 views

WordPress Flexible Shipping Plugin <= 4.24.15 is vulnerable to Broken Access Control

Software Flexible Shipping Type Plugin Vulnerable versions = 4.24.15 Fixed in 4.24.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32828 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 049558da37db Credits Dhabaleshwar Das Requir...

4.3CVSS6.6AI score0.00337EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/25 6:17 p.m.6 views

CVE-2023-45761

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Joovii Sendle Shipping Plugin plugin = 5.13 versions...

6.1CVSS7.3AI score0.00437EPSS
Exploits0References1
Prion
Prion
added 2023/10/25 6:17 p.m.19 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Joovii Sendle Shipping Plugin plugin = 5.13 versions...

5.8CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.5 views

WordPress Plugin Sendle Shipping Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS6AI score0.00437EPSS
Exploits0References2
CVE
CVE
added 2023/10/24 11:55 a.m.43 views

CVE-2023-45761

CVE-2023-45761 is an unauthenticated Reflected Cross-Site Scripting (XSS) flaw affecting the Joovii Sendle Shipping Plugin for WordPress (Sendle Shipping Plugin) versions &lt;= 5.13. Public sources describe an XSS vulnerability that can be triggered without authentication, with CVSS guidance rang...

7.1CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.6 views

WordPress Mojito Shipping Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Mojito Shipping Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 836e46da79bb Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/11 9:15 a.m.49 views

CVE-2023-34015

Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...

8.8CVSS6.5AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2023/07/11 8:36 a.m.41 views

CVE-2023-34015

CVE-2023-34015 concerns the WordPress plugin “Advanced Flat rate shipping Woocommerce” (part of the PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce) with a Cross-Site Request Forgery (CSRF) vulnerability. Technical details available in c...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/11 12:0 a.m.20 views

Advanced Flat rate shipping Woocommerce < 1.6.4.6 - Cross-Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...

8.8CVSS6.9AI score0.00246EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/03/01 3:15 p.m.19 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin = 2.3.1 leading to activation/deactivation of plugin rulesets...

5.8CVSS5.6AI score0.00215EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/27 12:0 a.m.11 views

Conditional Shipping for WooCommerce < 2.3.2 - Ruleset Toggle via CSRF

The plugin does not have CSRF check when toggling ruleset, which could allow attackers to make logged in users with the managewoocommerce capability perform such action via a CSRF attack...

8.8CVSS8.2AI score0.00264EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/12/12 6:15 p.m.2 views

CVE-2022-4000

The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0047EPSS
Exploits2References1
Rows per page
Query Builder