21 matches found
EUVD-2022-43116
Malicious code in bioql PyPI...
CVE-2024-9170
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-47657
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions...
CVE-2024-9170
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9170 Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9170
CVE-2024-9170 (Booster for WooCommerce) is a stored cross-site scripting vulnerability in the Booster for WooCommerce WordPress plugin, affecting all versions up to and including 7.2.3. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wc...
WordPress Booster for WooCommerce plugin <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode vulnerability
Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Booster for WooCommerce versions <= 7.2.3...
CVE-2023-47658
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions...
Cross site scripting
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions...
CVE-2023-47658 WordPress Extra Product Options for WooCommerce Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions...
CVE-2023-47657 WordPress Direct Checkout – Quick View – Buy Now For WooCommerce Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS)
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions...
CVE-2023-47657
CVE-2023-47657 affects GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin up to version 1.5.8. It is a Stored XSS vulnerability exploitable by an authenticated user with Shop Manager+ privileges. Patch status: fixed in 1.5.9 (per Patchstack); NVD lists CVSSv3.1 base 4.8 (m...
WooCommerce Product Vendors < 2.1.79 - ShopManager+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as ShopManager. PoC: As ShopManager, open the URL below...
Code injection
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
CVE-2022-3762 Booster for WooCommerce - ShopManager+ Arbitrary File Download
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
CVE-2022-3762 Booster for WooCommerce - ShopManager+ Arbitrary File Download
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
Booster for WooCommerce - ShopManager+ Arbitrary File Download
The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite). PoC: Enable the "Checkout File Upload" module and open the following URL ...
Booster for WooCommerce - ShopManager+ Arbitrary File Download
The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite). Enable the "Checkout File Upload" module and open the following URL as a...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. Put the following payload in the WooCommerce Settings Billingo E-mail Beállítások Gomb szöveg field in the table:...