3529 matches found
CVE-2015-2329
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...
CVE-2018-5316
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...
CVE-2017-17058
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...
WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...
VulnCheck KEV: CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection
The Abandoned Cart Lite for WooCommerce WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
CVE-2015-5065
CVE-2015-5065 describes an absolute path traversal vulnerability in the WordPress plugin “Paypal Currency Converter Basic For WooCommerce” (WooCommerce integration). In proxy.php, the google currency lookup exposes a flaw that allows remote attackers to read arbitrary files by supplying a full pa...
WordPress WooCommerce 2.0.17 Cross Site Scripting
Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability Vendor: WooThemes Product web page: http://www.woothemes.com Affected version: 2.0.17 and 2.0.14 Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from a XSS issue due to a...