141 matches found
CVE-2024-43254
CVE-2024-43254 affects the WordPress plugin Clover Online Orders (Smart Online Order for Clover). The connected docs identify a Missing Authorization issue due to misconfigured access control in Smart Online Order for Clover up to version 1.5.6. The Wordfence/CVE entries note the vulnerability as...
WordPress plugin Smart Online Order for Clover 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Smart Online Order for Clover 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exis...
PT-2024-30416 · Zaytech · Zaytech Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: Zaytech Smart Online Order for Clover versions 1.5.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2024-30415 · Zaytech · Zaytech Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: Zaytech Smart Online Order for Clover versions 1.5.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions...
CVE-2024-8787
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8787
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8787 Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8787
CVE-2024-8787 (Smart Online Order for Clover, WordPress) is a Reflected Cross-Site Scripting vulnerability caused by improper escaping when using add_query_arg and remove_query_arg. It affects all versions up to and including 1.5.7. Unauthenticated attackers can inject arbitrary scripts into page...
WordPress Smart Online Order for Clover plugin <= 1.5.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...
CVE-2024-9895
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mooreceiptlink shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9895
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mooreceiptlink shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9895
CVE-2024-9895 affects the WordPress plugin Smart Online Order for Clover (versions
WordPress Smart Online Order for Clover plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mooreceiptlink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...
WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)
Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9895 Patch priority Low CVSS severity Low 6.5 Developer Zaytech PSID 130bf1a9af2d Credits Peter Thaleikis...
WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)
Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8787 Patch priority Medium CVSS severity Medium 7.1 Developer Zaytech PSID ef2985b5f2b9 Credits vgo0 Require...
WordPress plugin Smart Online Order for Clover 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress plugin Smart Online Order for Clover 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-39252 · WordPress · Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping on t...
CVE-2024-7032
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...