
7 matches found

Snyk
added 2026/02/05 6:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the orderDirection parameter in the /admin/order/abandoned endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

CVSS 6.1 | AI score 5.5 | EPSS 0.00024
Exploits: 1 | References: 2

NVD
added 2026/02/05 5:16 p.m., 3 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

CVSS 6.1 | EPSS 0.00024
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/05 12:0 a.m., 3 views

CVE-2025-70791

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...

AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 2

Patchstack
added 2024/04/03 7:21 a.m., 6 views

WordPress WooCommerce Cart Abandonment Recovery plugin < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF vulnerability

Templates/Abandoned Orders Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Cart Abandonment Recovery versions 1.2.27...

CVSS 6.8 | AI score 7 | EPSS 0.00175
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2024/04/03 5:15 a.m., 1 views

CVE-2024-2322

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

CVSS 6.8 | AI score 5.9 | EPSS 0.00175
Exploits: 2 | References: 1

Vulnrichment
added 2024/04/03 5:0 a.m., 12 views

CVE-2024-2322 WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

AI score 6.9 | EPSS 0.00175
Exploits: 2 | References: 1

Cvelist
added 2024/04/03 5:0 a.m., 14 views

CVE-2024-2322 WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

AI score 6.8 | EPSS 0.00175
Exploits: 2 | References: 1