Lucene search
+L

215 matches found

NVD
NVD
added 2024/01/11 9:15 a.m.25 views

CVE-2023-4960

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.00443EPSS
Exploits0References4
Prion
Prion
added 2024/01/11 9:15 a.m.18 views

Cross site scripting

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS6AI score0.00443EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 8:33 a.m.5 views

CVE-2023-4960 WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS6.8AI score0.00443EPSS
Exploits0References4
CVE
CVE
added 2024/01/11 8:33 a.m.80 views

CVE-2023-4960

CVE-2023-4960 concerns the WordPress plugin WCFM Marketplace. A stored XSS flaw exists in versions up to 3.6.2 due to insufficient input sanitization and output escaping on attributes used with the wcfm_stores shortcode. The issue can be exploited by authenticated users with contributor-level per...

6.4CVSS5.1AI score0.00443EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/01/11 8:33 a.m.29 views

CVE-2023-4960 WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.00443EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.5 views

WordPress Plugin WCFM Marketplace 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WCFM Marketplace, which stems from the application's lack of effective filteri...

6.4CVSS5.9AI score0.00443EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.16 views

PT-2024-13762 · WordPress · Wcfm Marketplace

Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress versions up to, and including, 3.6.2 Description: The issue is related to Stored Cross-Site Scripting via the 'wcfm stores' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.5AI score0.00443EPSS
Exploits0References9
Patchstack
Patchstack
added 2023/11/27 12:0 a.m.14 views

WordPress WCFM Marketplace Plugin <= 3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software WCFM Marketplace Type Plugin Vulnerable versions = 3.6.2 Fixed in 3.6.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4960 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0283a85d23db Credits István Márton Required...

6.4CVSS6AI score0.00443EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/25 12:0 a.m.25 views

WCFM Marketplace < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00443EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.6 views

WordPress Better Messages – WCFM Integration Plugin < 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Better Messages – WCFM Integration Type Plugin Vulnerable versions 1.0.7 Fixed in 1.0.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7866237de730 Credits Rafie Muhammad...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/20 4:15 a.m.25 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS9.5AI score0.01093EPSS
Exploits0References4
OSV
OSV
added 2023/05/20 4:15 a.m.7 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS5.8AI score0.01093EPSS
Exploits0References4
Prion
Prion
added 2023/05/20 4:15 a.m.12 views

Authorization

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

7.5CVSS9.3AI score0.01093EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/05/20 3:35 a.m.24 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS9.6AI score0.01093EPSS
Exploits0References4
CVE
CVE
added 2023/05/20 3:35 a.m.68 views

CVE-2023-2276

The CVE-2023-2276 entry concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. Affected versions ≤ 2.10.7 are vulnerable to Insecure Direct Object References (IDOR), allowing unauthenticated attackers to access object resources and bypass authorizatio...

9.8CVSS9.3AI score0.01093EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/20 3:35 a.m.9 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS7.2AI score0.01093EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/20 12:0 a.m.6 views

WordPress Plugin WCFM Membership 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WCFM Membership -...

9.8CVSS8.4AI score0.01093EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/04/06 12:0 a.m.13 views

WordPress WCFM Membership Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM Membership Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.10.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4941 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 09fe2dd39646 Credits Chloe Chamberland...

8.8CVSS6.6AI score0.00321EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/04/06 12:0 a.m.21 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.5.13 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-4938 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 825435f567d9...

8.8CVSS7AI score0.00248EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/04/06 12:0 a.m.16 views

WordPress WCFM Membership Plugin <= 2.10.0 is vulnerable to Broken Access Control

Software WCFM Membership Type Plugin Vulnerable versions = 2.10.0 Fixed in 2.10.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4940 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID b80cebcdc2c4 Credits Chloe Chamberland Required...

7.3CVSS6.5AI score0.01084EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder