Lucene search
+L

3522 matches found

Check Point Advisories
Check Point Advisories
added 2018/11/18 12:0 a.m.2 views

WordPress File Deletion WooCommerce Plugin Privilege Escalation

A privilege escalation vulnerability exist in WordPress File Deletion WooCommerce Plugin. The vulnerability is due to a lack of validation in file deletion. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

4.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/11/07 9:1 a.m.586 views

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce...

1AI score
Exploits0
CNVD
CNVD
added 2018/08/23 12:0 a.m.1 views

Wordpress WooCommerce Plugin Deserialization Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A deserialization vulnerability exists in the Wordpress WooCommerce plugin, which can be exploited by an attacker to execute...

7.4AI score
Exploits0References1
CNVD
CNVD
added 2018/06/20 12:0 a.m.6 views

Advanced Order Export For WooCommerce CSV Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog website.Advanced Order Export For WooCommerce is used in one of the export WooCommerce order data plug-ins. plugin for...

7.8CVSS7.4AI score0.05209EPSS
Exploits6References1
WPVulnDB
WPVulnDB
added 2018/06/20 12:0 a.m.21 views

Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection

The Advanced Order Export For WooCommerce WordPress plugin was affected by a CSV Injection security vulnerability...

6.8CVSS2.7AI score0.05209EPSS
Exploits6References2Affected Software1
OSV
OSV
added 2018/06/19 7:29 p.m.2 views

CVE-2018-11525

The plugin "Advanced Order Export For WooCommerce" for WordPress v1.5.4 and before is vulnerable to CSV Injection...

7.8CVSS5.8AI score0.05209EPSS
Exploits6References3
OSV
OSV
added 2018/06/01 3:29 p.m.5 views

CVE-2018-11486

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...

6.1CVSS5.6AI score0.00802EPSS
Exploits1References1
CVE
CVE
added 2018/06/01 3:0 p.m.48 views

CVE-2018-11486

Affected product: WordPress MULTIDOTS Advance Search for WooCommerce plugin (versions

6.1CVSS5.9AI score0.00802EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/03/14 7:29 p.m.2 views

CVE-2018-8711

A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The vulnerability is due to the lack of args/input validation on renderhtml before allowing it to be...

9.8CVSS5.8AI score0.01986EPSS
Exploits0References3
CNVD
CNVD
added 2018/02/26 12:0 a.m.6 views

WordPress WooCommerce plugin cross-site scripting vulnerability (CNVD-2018-05177)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce plugin is one of the free e-commerce plugin. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS6AI score0.01176EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/02/20 12:0 a.m.24 views

WordPress WooCommerce Plugin Crafted Order < 2.3.6 XSS Vulnerability

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.4AI score0.01176EPSS
Exploits0References2
Prion
Prion
added 2018/02/08 11:29 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...

4.3CVSS6.2AI score0.01176EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/02/08 11:0 p.m.155 views

CVE-2015-2329

CVE-2015-2329 affects the WordPress WooCommerce plugin prior to version 2.3.6. The vulnerability is a cross-site scripting (XSS) flaw that allows a remote attacker to inject arbitrary script or HTML via a crafted order. Affected software is the WooCommerce plugin for WordPress; root cause involve...

6.1CVSS6AI score0.01176EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/02/08 11:0 p.m.17 views

CVE-2015-2329

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...

6.1AI score0.01176EPSS
Exploits0References2
OSV
OSV
added 2018/01/09 10:29 p.m.4 views

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

6.1CVSS5.8AI score0.03685EPSS
Exploits0References3
OSV
OSV
added 2017/11/29 7:29 a.m.9 views

CVE-2017-17058

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...

7.5CVSS7.6AI score
Exploits0References3
CNVD
CNVD
added 2017/01/05 12:0 a.m.7 views

WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

4.8CVSS5.9AI score0.00904EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS6AI score0.16324EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2015/07/15 12:0 a.m.7 views

Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection

The Abandoned Cart Lite for WooCommerce WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

2.7AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2015/06/24 2:59 p.m.4 views

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS5.8AI score0.16324EPSS
Exploits1References7
Rows per page
Query Builder