Lucene search
+L

141 matches found

cve
cve
added 2024/11/01 2:17 p.m.53 views

CVE-2024-43254

CVE-2024-43254 affects the WordPress plugin Clover Online Orders (Smart Online Order for Clover). The connected docs identify a Missing Authorization issue due to misconfigured access control in Smart Online Order for Clover up to version 1.5.6. The Wordfence/CVE entries note the vulnerability as...

8.8CVSS5.9AI score0.00417EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/11/01 12:0 a.m.4 views

WordPress plugin Smart Online Order for Clover 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS6.5AI score0.00604EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/11/01 12:0 a.m.5 views

WordPress plugin Smart Online Order for Clover 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exis...

8.8CVSS6.6AI score0.00417EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.15 views

PT-2024-30416 · Zaytech · Zaytech Smart Online Order For Clover

Name of the Vulnerable Software and Affected Versions: Zaytech Smart Online Order for Clover versions 1.5.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

8.8CVSS6.8AI score0.00417EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/11/01 12:0 a.m.3 views

PT-2024-30415 · Zaytech · Zaytech Smart Online Order For Clover

Name of the Vulnerable Software and Affected Versions: Zaytech Smart Online Order for Clover versions 1.5.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions...

9.8CVSS6.5AI score0.00604EPSS
Exploits0References4
osv
osv
added 2024/10/16 2:15 a.m.4 views

CVE-2024-8787

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00363EPSS
Exploits0References5
nvd
nvd
added 2024/10/16 2:15 a.m.34 views

CVE-2024-8787

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00363EPSS
Exploits0References5
cvelist
cvelist
added 2024/10/16 2:5 a.m.40 views

CVE-2024-8787 Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00363EPSS
Exploits0References5
cve
cve
added 2024/10/16 2:5 a.m.62 views

CVE-2024-8787

CVE-2024-8787 (Smart Online Order for Clover, WordPress) is a Reflected Cross-Site Scripting vulnerability caused by improper escaping when using add_query_arg and remove_query_arg. It affects all versions up to and including 1.5.7. Unauthenticated attackers can inject arbitrary scripts into page...

6.1CVSS6.3AI score0.00363EPSS
Exploits0References5Affected Software1
patchstack
patchstack
added 2024/10/15 1:6 p.m.5 views

WordPress Smart Online Order for Clover plugin <= 1.5.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...

6.1CVSS6.3AI score0.00363EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2024/10/15 9:15 a.m.26 views

CVE-2024-9895

The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mooreceiptlink shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00333EPSS
Exploits0References6
osv
osv
added 2024/10/15 9:15 a.m.3 views

CVE-2024-9895

The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mooreceiptlink shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS6AI score0.00333EPSS
Exploits0References6
cve
cve
added 2024/10/15 8:29 a.m.58 views

CVE-2024-9895

CVE-2024-9895 affects the WordPress plugin Smart Online Order for Clover (versions

6.4CVSS5.5AI score0.00333EPSS
Exploits0References6Affected Software1
patchstack
patchstack
added 2024/10/15 3:19 a.m.5 views

WordPress Smart Online Order for Clover plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via moo_receipt_link Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mooreceiptlink Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Online Order for Clover versions = 1.5.7...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/10/15 12:0 a.m.11 views

WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9895 Patch priority Low CVSS severity Low 6.5 Developer Zaytech PSID 130bf1a9af2d Credits Peter Thaleikis...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/10/15 12:0 a.m.16 views

WordPress Smart Online Order for Clover Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Smart Online Order for Clover Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8787 Patch priority Medium CVSS severity Medium 7.1 Developer Zaytech PSID ef2985b5f2b9 Credits vgo0 Require...

6.1CVSS5.7AI score0.00363EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2024/10/15 12:0 a.m.6 views

WordPress plugin Smart Online Order for Clover 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References7
cnnvd
cnnvd
added 2024/10/15 12:0 a.m.5 views

WordPress plugin Smart Online Order for Clover 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS6AI score0.00363EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/10/15 12:0 a.m.10 views

PT-2024-39252 · WordPress · Smart Online Order For Clover

Name of the Vulnerable Software and Affected Versions: Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.7 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping on t...

6.1CVSS6.7AI score0.00363EPSS
Exploits0References12
nvd
nvd
added 2024/08/21 6:15 a.m.25 views

CVE-2024-7032

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moodeactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin an...

6.5CVSS0.00482EPSS
Exploits0References4
Rows per page
Query Builder