Variable Reuse In Cached Queries

@graphql-mesh/runtime is vulnerable to variable reuse in cached queries. The vulnerability is due to the LRU-based cache retention of DocumentNode, which prevents updated variables, including authentication tokens, from being applied in subsequent requests. It allows an attacker to force a victim...

Design/Logic Flaw

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

CVE-2017-18356

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

CVE-2017-18356

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

PT-2019-8296 · Automattic · Woocommerce

Name of the Vulnerable Software and Affected Versions: WooCommerce plugin versions prior to 3.2.4 Description: The issue allows an attack after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker constructs a specifically crafted string th...

Information Disclosure

TYPO3 CMS is vulnerable to information disclosure. A malicious user can view cached queries that return results meant for another user group...