Lucene search
K

196 matches found

NVD
NVD
added 2025/06/20 3:15 p.m.4 views

CVE-2025-49987

Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through = 1.13...

5.3CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:4 p.m.21 views

CVE-2025-49987

CVE-2025-49987 is a Missing Authorization (Broken Access Control) vulnerability in the WPFactory CRM ERP Business Solution WordPress plugin, affecting versions up to 1.13. The issue stems from improperly configured access control, allowing unauthorized users to exploit protections and access or m...

5.3CVSS5.9AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.3 views

PT-2025-26355 · Wpfactory · Wpfactory Crm Erp Business Solution

Name of the Vulnerable Software and Affected Versions: WPFactory CRM ERP Business Solution versions 1.13 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/12 1:19 p.m.6 views

CVE-2025-49510

Cross-Site Request Forgery CSRF vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through = 5.1.0...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References1
NVD
NVD
added 2025/06/10 1:15 p.m.8 views

CVE-2025-49510

Cross-Site Request Forgery CSRF vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through = 5.1.0...

4.3CVSS0.0015EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 12:36 p.m.49 views

CVE-2025-49510

CVE-2025-49510 is a CSRF vulnerability in the WordPress plugin Min Max Step Quantity Limits Manager for WooCommerce. Affected versions are up to and including 5.1.0. Remediation is available in version 5.1.0 (patched). No exploitation details are provided in the connected documents.

4.3CVSS5.9AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.8 views

CVE-2024-8656

The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6.4AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:40 a.m.7 views

CVE-2024-31276

Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8...

9.8CVSS7AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:4 a.m.10 views

CVE-2023-36689

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPFactory WPFactory Helper plugin = 1.5.2 versions...

7.1CVSS5.9AI score0.00351EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.7 views

CVE-2023-51399

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.5 views

CVE-2023-23868

Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6...

5.4CVSS8AI score0.00612EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.9 views

CVE-2025-48240

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Cost of Goods for WooCommerce cost-of-goods-for-woocommerce allows Stored XSS.This issue affects Cost of Goods for WooCommerce: from n/a through = 3.7.0...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.13 views

CVE-2025-48253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shippin...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.7 views

CVE-2025-48239

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce allows Stored XSS.This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.7 views

CVE-2025-48248

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products global-shop-discount-for-woocommerce allows Stored XSS.This issue affects Sitewide Discount for WooCommerce: Apply Discou...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.8 views

CVE-2025-48251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce allows Stored XSS.This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.8 views

CVE-2025-48237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through = 3.2.2...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.10 views

CVE-2025-48252

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:13 p.m.11 views

CVE-2025-48249

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Stored XSS.This issue affects EAN for WooCommerce: from n/a through = 5.4.6...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:13 p.m.9 views

CVE-2025-48250

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algoritmika allows Stored XSS.This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder