34 matches found
EUVD-2023-32610
Malicious code in bioql PyPI...
EUVD-2022-15868
Malicious code in bioql PyPI...
EUVD-2024-50781
Malicious code in bioql PyPI...
EUVD-2024-54084
Malicious code in bioql PyPI...
CVE-2023-28992
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin = 5.4.3 versions...
CVE-2023-30475
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...
CVE-2022-0818
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin...
CVE-2024-12336
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...
CVE-2024-12336
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...
CVE-2024-12336 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...
CVE-2024-12336
CVE-2024-12336 affects WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress up to version 2.5.3, where a missing capability check in export_all_data allows authenticated users with Subscriber+ privileges to read sensitive affiliate data (PII). The vulnerability is confirmed by mul...
CVE-2024-12336 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportalldata' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with...
CVE-2024-12334
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-12334
CVE-2024-12334 concerns the WC Affiliate – A Complete WooCommerce Affiliate Plugin for WordPress. Affected versions: all up to and including 2.4. Root cause: insufficient input sanitization and output escaping, enabling Reflected Cross-Site Scripting via any parameter. Impact: unauthenticated att...
CVE-2024-12334 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site Scripting
The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-9289 WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...
WordPress plugin WordPress & WooCommerce Affiliate Program 访问控制错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control error...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...
CVE-2023-30475
CVE-2023-30475 : Unauthenticated reflected XSS in the WordPress plugin “Coupon Affiliates – WooCommerce Affiliate Plugin” (Coupon Affiliates) up to version 5.4.5. Public sources identify the vulnerability as a reflected cross-site scripting issue triggered via the page parameter, with the exploit...