3522 matches found
WordPress File Deletion WooCommerce Plugin Privilege Escalation
A privilege escalation vulnerability exist in WordPress File Deletion WooCommerce Plugin. The vulnerability is due to a lack of validation in file deletion. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce...
Wordpress WooCommerce Plugin Deserialization Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A deserialization vulnerability exists in the Wordpress WooCommerce plugin, which can be exploited by an attacker to execute...
Advanced Order Export For WooCommerce CSV Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog website.Advanced Order Export For WooCommerce is used in one of the export WooCommerce order data plug-ins. plugin for...
Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection
The Advanced Order Export For WooCommerce WordPress plugin was affected by a CSV Injection security vulnerability...
CVE-2018-11525
The plugin "Advanced Order Export For WooCommerce" for WordPress v1.5.4 and before is vulnerable to CSV Injection...
CVE-2018-11486
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...
CVE-2018-11486
Affected product: WordPress MULTIDOTS Advance Search for WooCommerce plugin (versions
CVE-2018-8711
A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The vulnerability is due to the lack of args/input validation on renderhtml before allowing it to be...
WordPress WooCommerce plugin cross-site scripting vulnerability (CNVD-2018-05177)
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce plugin is one of the free e-commerce plugin. A cross-site scripting vulnerability exists in WordPress...
WordPress WooCommerce Plugin Crafted Order < 2.3.6 XSS Vulnerability
The WordPress plugin Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Cross site scripting
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...
CVE-2015-2329
CVE-2015-2329 affects the WordPress WooCommerce plugin prior to version 2.3.6. The vulnerability is a cross-site scripting (XSS) flaw that allows a remote attacker to inject arbitrary script or HTML via a crafted order. Affected software is the WooCommerce plugin for WordPress; root cause involve...
CVE-2015-2329
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...
CVE-2018-5316
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...
CVE-2017-17058
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...
WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...
VulnCheck KEV: CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection
The Abandoned Cart Lite for WooCommerce WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...