19 matches found
EUVD-2024-36891
Malicious code in bioql PyPI...
EUVD-2024-36893
Malicious code in bioql PyPI...
CVE-2024-37935
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37933
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in anhvnit Woocommerce OpenPos.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37932
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37935
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37935 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37935 WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37932
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37933
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in anhvnit Woocommerce OpenPos.This issue affects Woocommerce OpenPos: from n/a through 6.4.4...
CVE-2024-37932
CVE-2024-37932 is described in the supplied documents as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in the OpenPos POS plugin for WooCommerce. The vulnerability is cited as affecting Woocommerce OpenPos versions up to and including 6.4.4. Multipl...
CVE-2024-37933
CVE-2024-37933 is a confirmed, active SQL injection affecting Woocommerce OpenPos for WordPress (Openpos) up to version 6.4.4. The vulnerability arises from improper neutralization of input in SQL commands, enabling an unauthenticated attacker to potentially access or alter data over the network....
WordPress plugin Woocommerce OpenPos SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2024-27838 · Unknown · Woocommerce Openpos
Name of the Vulnerable Software and Affected Versions: WooCommerce OpenPos versions prior to 6.4.4 Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation...
PT-2024-27837 · Unknown · Woocommerce Openpos
Name of the Vulnerable Software and Affected Versions: WooCommerce OpenPos versions through 6.4.4 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This allows for file manipulation. Recommendations...
WordPress plugin Woocommerce OpenPos path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress Woocommerce OpenPos Plugin <= 7.0.1 is vulnerable to Broken Access Control
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 7.0.1 Fixed in 7.0.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37935 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID d6898ddc425e Credits Dave Jong Patchstack...
WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to SQL Injection
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-37933 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID ffbf45a16888 Credits Dave Jong Patchstack Required privilege...
WordPress Woocommerce OpenPos Plugin <= 6.4.4 is vulnerable to Arbitrary File Deletion
Software Woocommerce OpenPos Type Plugin Vulnerable versions = 6.4.4 Fixed in 7.0.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37932 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 80d70b64099f Credits Dave Jong Patchstack...