14 matches found
CVE-2025-10731
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...
CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...
WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability
Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...
WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 24.9 is vulnerable to Multiple Vulnerabilities
Software WooCommerce Multiple Customer Addresses & Shipping Type Plugin Vulnerable versions 24.9 Fixed in 24.9 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Multiple Vulnerabilities CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2a12b42bb04b...
CVE-2024-29888 Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Saleor is an e-commerce platform that serves high-volume companies. When using Pickup: Local stock only click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue...
Saleor 安全漏洞
Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. Saleor has a security vulnerability that stems from the presence of a customer address disclosure issue. Affected products...
CVE-2024-1294
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...
PT-2024-17810 · WordPress · Sunshine Photo Cart
Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...
WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin < 21.7 is vulnerable to Insecure Direct Object References (IDOR)
Software WooCommerce Multiple Customer Addresses & Shipping Type Plugin Vulnerable versions 21.7 Fixed in 21.7 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-0865 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID...
Cross site request forgery (csrf)
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...
CVE-2023-0865 WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to...
WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Shopify: Ability to add address without being an admin or staff in the store via wholesale store
Customers in the shopify store can be added manually or automatically, an example is added automatically when you want to checkout here we don't need to checkout just by proceeding to "Continue to shipping" information will be sent directly to the customer such as email address and other things b...
Code injection
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the idaddress in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the idcustomer and change all information of all accounts. The problem is...