20 matches found
EUVD-2023-39873
Malicious code in bioql PyPI...
CVE-2023-35880
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.49 versions...
CVE-2024-11746
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productbrand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and outp...
CVE-2024-11746
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productbrand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and outp...
CVE-2024-11746 Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productbrand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and outp...
CVE-2024-11746
CVE-2024-11746 affects the WordPress plugin “Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin” up to version 1.3.2. The issue is a Stored XSS via the product_brand shortcode due to insufficient input sanitization and output escaping on user-supplied at...
WordPress GS Woocommerce Brands plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Woocommerce Brands versions = 1.3.2...
CVE-2023-32746
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.45 versions...
CVE-2023-32746
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.45 versions...
PT-2023-23994 · Woocommerce · Woocommerce Brands
Name of the Vulnerable Software and Affected Versions: WooCommerce WooCommerce Brands plugin versions = 1.6.45 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
WordPress plugin WooCommerce Brands 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-35880
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.49 versions...
CVE-2023-35880
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.49 versions...
CVE-2023-35880
CVE-2023-35880: CSRF in WooCommerce Brands (WordPress plugin)
CVE-2023-35880 WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.49 versions...
WordPress Plugin WooCommerce Brands 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce Brands Type Plugin Vulnerable versions = 1.6.49 Fixed in 1.6.50 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-35880 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f5fc6ab7da71 Credits Rafie Muhammad...
WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Brands Type Plugin Vulnerable versions = 1.6.45 Fixed in 1.6.46 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32746 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0ef0c0a8b9a1 Credits Rafie Muhammad...
WooCommerce Brands < 1.6.46 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add a Brand with an image, and assign it...
WordPress YITH WooCommerce Brands Add-On plugin <=1.3.6 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Brands Add-On plugin versions =1.3.6. Solution Update the WordPress YITH WooCommerce Brands Add-On plugin to the latest available version at least 1.3.7...