Lucene search
K

14 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 5:29 a.m.3 views

CVE-2025-10731

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...

5.3CVSS5.8AI score0.00312EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.7 views

CVE-2023-0865

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...

8.8CVSS7.9AI score0.01196EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/08/06 7:18 a.m.2 views

WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability

Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/06 12:0 a.m.6 views

WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 24.9 is vulnerable to Multiple Vulnerabilities

Software WooCommerce Multiple Customer Addresses & Shipping Type Plugin Vulnerable versions 24.9 Fixed in 24.9 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Multiple Vulnerabilities CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2a12b42bb04b...

6.9AI score
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/27 6:53 p.m.16 views

CVE-2024-29888 Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method

Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue...

4.2CVSS6.8AI score0.00537EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.6 views

Saleor 安全漏洞

Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Saleor has a security vulnerability that stems from the presence of a customer address disclosure issue. Affected products...

5.4CVSS6.4AI score0.00537EPSS
Exploits0References12
OSV
OSV
added 2024/02/29 1:43 a.m.5 views

CVE-2024-1294

The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...

5.3CVSS7.3AI score0.00678EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.4 views

PT-2024-17810 · WordPress · Sunshine Photo Cart

Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...

5.3CVSS6.2AI score0.00678EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/03/21 12:0 a.m.9 views

WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 21.7 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Multiple Customer Addresses & Shipping Type Plugin Vulnerable versions 21.7 Fixed in 21.7 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0865 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID...

8.8CVSS6.5AI score0.01196EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/03/20 4:15 p.m.14 views

Cross site request forgery (csrf)

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...

6.5CVSS8.5AI score0.01196EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/20 3:52 p.m.19 views

CVE-2023-0865 WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR

The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...

8.7AI score0.01196EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.16 views

WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS7.8AI score0.01196EPSS
Exploits2References2
Hacker One
Hacker One
added 2021/07/27 2:20 p.m.20 views

Shopify: Ability to add address without being an admin or staff in the store via wholesale store

Customers in the shopify store can be added manually or automatically, an example is added automatically when you want to checkout here we don't need to checkout just by proceeding to "Continue to shipping" information will be sent directly to the customer such as email address and other things b...

2.1AI score
Exploits0
Prion
Prion
added 2020/03/05 5:15 p.m.14 views

Code injection

In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the idaddress in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the idcustomer and change all information of all accounts. The problem is...

4.9CVSS6.2AI score0.00851EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder