Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

26 matches found

RedhatCVE
RedhatCVEadded 2026/01/09 9:55 a.m.8 views

CVE-2020-12120

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...

7.5CVSS6.8AI score0.00561EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2022-49443

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 5:40 a.m.2 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5CVSS7.7AI score0.0051EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2025/05/23 12:15 a.m.4 views

CVE-2022-46639

A vulnerability in the descargaetiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal...

7.5CVSS7.1AI score0.007EPSS
Exploits0References1
Patchstack
Patchstackadded 2023/02/28 12:0 a.m.6 views

WordPress Correos Oficial Plugin <= 1.3.0.0 is vulnerable to Arbitrary File Download

Software Correos Oficial Type Plugin Vulnerable versions = 1.3.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-0331 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID 8d6ba27c44e0 Credits Andrea Iodice Required...

7.5CVSS6.9AI score0.0051EPSS
Exploits2References2Affected Software1
NVD
NVDadded 2023/02/27 4:15 p.m.7 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5CVSS7.6AI score0.0051EPSS
Exploits2References1
OSV
OSVadded 2023/02/27 4:15 p.m.1 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5CVSS7.2AI score0.0051EPSS
Exploits2References1
Prion
Prionadded 2023/02/27 4:15 p.m.11 views

Design/Logic Flaw

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

5CVSS7.6AI score0.0051EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2023/02/27 3:24 p.m.11 views

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.8AI score0.0051EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2023/02/27 3:24 p.m.4 views

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.8AI score0.0051EPSS
Exploits2References1
CVE
CVEadded 2023/02/27 3:24 p.m.71 views

CVE-2023-0331

CVE-2023-0331 concerns the Correos Oficial WordPress plugin. The provided documents confirm a lack of authorization checks during file-path generation, enabling unauthenticated arbitrary file download from the server. Affected product: Correos Oficial WordPress plugin. Reported vulnerable version...

7.5CVSS7.6AI score0.0051EPSS
Exploits2References1Affected Software1
CNNVD
CNNVDadded 2023/02/27 12:0 a.m.1 views

WordPress Plugin Correos Oficial SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

7.5CVSS7.8AI score0.0051EPSS
Exploits2References2
WPVulnDB
WPVulnDBadded 2023/01/31 12:0 a.m.16 views

Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download

The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. PoC Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file:...

7.5CVSS7.8AI score0.0051EPSS
Exploits2Affected Software1
wpexploit
wpexploitadded 2023/01/31 12:0 a.m.503 views

Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download

The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file: curl...

7.5CVSS7.9AI score0.0051EPSS
Exploits2
OSV
OSVadded 2023/01/23 10:15 p.m.1 views

CVE-2022-46639

A vulnerability in the descargaetiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal...

7.5CVSS5.8AI score0.007EPSS
Exploits0References1
NVD
NVDadded 2023/01/23 10:15 p.m.7 views

CVE-2022-46639

A vulnerability in the descargaetiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal...

7.5CVSS7.6AI score0.007EPSS
Exploits0References1
CNNVD
CNNVDadded 2023/01/23 12:0 a.m.1 views

PrestaShop 路径遍历漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in Correos Prestashop version 1.7.x, which stems from the descargaetiqueta.php...

7.5CVSS7.4AI score0.007EPSS
Exploits0References2
CVE
CVEadded 2023/01/23 12:0 a.m.51 views

CVE-2022-46639

CVE-2022-46639 is a directory-traversal vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x. The issue targets the affected PrestaShop installation and could allow an attacker to access restricted files through crafted input, as indicated by the provided documents. Th...

7.5CVSS7.5AI score0.007EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/01/23 12:0 a.m.3 views

CVE-2022-46639

A vulnerability in the descargaetiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal...

7.8AI score0.007EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/01/23 12:0 a.m.11 views

CVE-2022-46639

A vulnerability in the descargaetiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal...

7.8AI score0.007EPSS
Exploits0References1
Rows per page
Query Builder