Lucene search
K

94 matches found

Patchstack
Patchstack
added 2024/07/05 1:45 p.m.7 views

WordPress WPCafe plugin <= 2.2.27 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WPCafe versions = 2.2.27...

8.8CVSS7AI score0.00563EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/05 12:0 a.m.19 views

WordPress WPCafe Plugin <= 2.2.27 is vulnerable to Local File Inclusion

Software WPCafe Type Plugin Vulnerable versions = 2.2.27 Fixed in 2.2.28 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37513 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 939a4f465f21 Credits João Pedro S Alcântara Kinorth Requir...

8.8CVSS6.6AI score0.00563EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/25 6:33 a.m.4 views

WordPress WPCafe plugin <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode vulnerability

Authenticated Contributor+ File inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.25...

8.8CVSS7AI score0.00593EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/25 6:15 a.m.4 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS6.2AI score0.00593EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/06/25 6:15 a.m.4 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS6.3AI score0.00593EPSS
Exploits0References3
NVD
NVD
added 2024/06/25 6:15 a.m.31 views

CVE-2024-5431

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS0.00593EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/25 5:41 a.m.23 views

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS7.3AI score0.00593EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/25 5:41 a.m.31 views

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS0.00593EPSS
Exploits0References2
CVE
CVE
added 2024/06/25 5:41 a.m.73 views

CVE-2024-5431

CVE-2024-5431 affects the WPCafe WordPress plugin for WooCommerce. The vulnerability is a Local File Inclusion via the shortcode parameter reservation_extra_field in versions up to and including 2.2.25, allowing authenticated users with Contributor level access or higher to include remote files o...

8.8CVSS8.7AI score0.00593EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/25 12:0 a.m.15 views

WordPress WPCafe Plugin <= 2.2.25 is vulnerable to Local File Inclusion

Software WPCafe Type Plugin Vulnerable versions = 2.2.25 Fixed in 2.2.26 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-5431 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e886268b6378 Credits Krzysztof Zając Required privilege Contributor...

8.8CVSS7.2AI score0.00593EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.3 views

WordPress Plugin WPCafe Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS7.1AI score0.00593EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/31 7:15 a.m.3 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4CVSS6.1AI score0.00321EPSS
Exploits0References5
NVD
NVD
added 2024/05/31 7:15 a.m.24 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4CVSS5.9AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2024/05/31 7:15 a.m.8 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

5.4CVSS6AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/31 6:40 a.m.42 views

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4CVSS5.9AI score0.00321EPSS
Exploits0References4
CVE
CVE
added 2024/05/31 6:40 a.m.69 views

CVE-2024-5427

The CVE-2024-5427 entry concerns the WPCafe plugin for WordPress, with a Stored Cross-Site Scripting (XSS) flaw in the Reservation Form shortcode present in versions up to and including 2.2.24. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enab...

6.4CVSS5.9AI score0.00321EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/31 6:40 a.m.17 views

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/31 2:38 a.m.4 views

WordPress WPCafe plugin <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.24...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.11 views

PT-2024-36150 · WordPress · Wpcafe

Name of the Vulnerable Software and Affected Versions: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress versions up to, and including, 2.2.24 Description: The issue arises from insufficient input sanitization and output escaping on...

6.4CVSS6.5AI score0.00321EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/05/31 12:0 a.m.20 views

WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)

Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder