Lucene search
+L

3529 matches found

Cvelist
Cvelist
added 2018/02/08 11:0 p.m.17 views

CVE-2015-2329

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order...

6.1AI score0.01176EPSS
Exploits0References2
OSV
OSV
added 2018/01/09 10:29 p.m.4 views

CVE-2018-5316

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter...

6.1CVSS5.8AI score0.03685EPSS
Exploits0References3
OSV
OSV
added 2017/11/29 7:29 a.m.9 views

CVE-2017-17058

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template...

7.5CVSS7.6AI score
Exploits0References3
CNVD
CNVD
added 2017/01/05 12:0 a.m.8 views

WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

4.8CVSS5.9AI score0.00904EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS6AI score0.16324EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2015/07/15 12:0 a.m.7 views

Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection

The Abandoned Cart Lite for WooCommerce WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

2.7AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2015/06/24 2:59 p.m.4 views

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS5.8AI score0.16324EPSS
Exploits1References7
CVE
CVE
added 2015/06/24 2:0 p.m.62 views

CVE-2015-5065

CVE-2015-5065 describes an absolute path traversal vulnerability in the WordPress plugin “Paypal Currency Converter Basic For WooCommerce” (WooCommerce integration). In proxy.php, the google currency lookup exposes a flaw that allows remote attackers to read arbitrary files by supplying a full pa...

5CVSS7AI score0.16324EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2013/10/18 12:0 a.m.28 views

WordPress WooCommerce 2.0.17 Cross Site Scripting

Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability Vendor: WooThemes Product web page: http://www.woothemes.com Affected version: 2.0.17 and 2.0.14 Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from a XSS issue due to a...

0.1AI score
Exploits0
Rows per page
Query Builder