Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32610

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00382EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-15868

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00852EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50781

Malicious code in bioql PyPI...

6.1CVSS8.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54084

Malicious code in bioql PyPI...

6.5CVSS9.2AI score0.00327EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.5 views

CVE-2023-28992

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin = 5.4.3 versions...

7.1CVSS5.9AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.5 views

CVE-2023-30475

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 p.m.6 views

CVE-2022-0818

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin...

6.1CVSS6.1AI score0.00852EPSS
Exploits2References1
NVD
NVD
added 2025/03/15 4:15 a.m.8 views

CVE-2024-12336

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

6.5CVSS0.00327EPSS
Exploits0References3
OSV
OSV
added 2025/03/15 4:15 a.m.4 views

CVE-2024-12336

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/15 3:23 a.m.20 views

CVE-2024-12336 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

6.5CVSS0.00327EPSS
Exploits0References3
CVE
CVE
added 2025/03/15 3:23 a.m.52 views

CVE-2024-12336

CVE-2024-12336 affects WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress up to version 2.5.3, where a missing capability check in export_all_data allows authenticated users with Subscriber+ privileges to read sensitive affiliate data (PII). The vulnerability is confirmed by mul...

6.5CVSS6.2AI score0.00327EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/15 3:23 a.m.10 views

CVE-2024-12336 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...

6.5CVSS6AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2025/01/26 12:15 p.m.3 views

CVE-2024-12334

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS7.4AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/26 11:9 a.m.11 views

CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS6.5AI score0.00272EPSS
Exploits0References2
CVE
CVE
added 2025/01/26 11:9 a.m.59 views

CVE-2024-12334

CVE-2024-12334 concerns the WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress. Affected versions: all up to and including 2.4. Root cause: insufficient input sanitization and output escaping, enabling Reflected Cross-Site Scripting via any parameter. Impact: unauthenticated att...

6.1CVSS6AI score0.00272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/26 11:9 a.m.33 views

CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting

The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/01 8:30 a.m.51 views

CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

9.8CVSS0.00559EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.4 views

WordPress plugin WordPress & WooCommerce Affiliate Program 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...

9.8CVSS6.8AI score0.00559EPSS
Exploits0References3
Prion
Prion
added 2023/08/14 2:15 p.m.24 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...

5.8CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/08/14 1:53 p.m.38 views

CVE-2023-30475

CVE-2023-30475 : Unauthenticated reflected XSS in the WordPress plugin “Coupon Affiliates – WooCommerce Affiliate Plugin” (Coupon Affiliates) up to version 5.4.5. Public sources identify the vulnerability as a reflected cross-site scripting issue triggered via the page parameter, with the exploit...

7.1CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder