15 matches found
EUVD-2024-50853
Malicious code in bioql PyPI...
EUVD-2024-44847
Malicious code in bioql PyPI...
CVE-2024-12432
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
CVE-2024-50416
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through = 1.2.6...
CVE-2024-12432 WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
CVE-2024-12432 WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
CVE-2024-12432
The CVE-2024-12432 entry concerns the WPC Shop as a Customer for WooCommerce WordPress plugin, where the generate_key function produces a insufficiently random key, enabling authenticated attackers with Subscriber+ privileges to login as administrators via ajax_login. Affected versions go up to 1...
WordPress plugin WPC Shop as a Customer for WooCommerce 安全特征问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security feature...
WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key vulnerability
Authentication Bypass Due to Insufficiently Unique Key vulnerability discovered by Thanh Nam Tran in WordPress Plugin WPC Shop as a Customer for WooCommerce versions = 1.2.8...
CVE-2024-50416
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through = 1.2.6...
CVE-2024-50416
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6...
CVE-2024-50416 WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through = 1.2.6...
CVE-2024-50416
CVE-2024-50416 affects WordPress plugin WPC Shop as a Customer for WooCommerce (WPClever) up to version 1.2.6, describing a Deserialization of Untrusted Data leading to PHP Object Injection. Patchstack reports a fix in 1.2.7; the issue is triggered by object injection via deserialization of untru...
WordPress plugin WPC Shop as a Customer for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WPC Shop as a Customer for WooCommerce Plugin <= 1.2.6 is vulnerable to PHP Object Injection
Software WPC Shop as a Customer for WooCommerce Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-50416 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ffccd26940cf Credits LVT-tholv2k...