15 matches found
WordPress FULL – Cliente plugin <= 3.1.26 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin FULL Customer versions <= 3.1.26...
WordPress plugin FULL Customer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress FULL – Cliente plugin <= 3.1.25 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin FULL Customer versions <= 3.1.25...
WordPress FULL Cliente plugin <= 3.1.22 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin FULL Customer versions <= 3.1.22...
WordPress FULL Customer Plugin <= 3.1.22 is vulnerable to Cross Site Scripting (XSS)
Software: FULL Customer; Type: Plugin; Vulnerable versions: <= 3.1.22; Fixed in: 3.1.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9211; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 199342483259; Credits: vgo0; Required...
Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass
Description: The Login as User or Customer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to log in as another user and escalate their privileges...
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about...
CVE-2023-4243
CVE-2023-4243 affects the FULL – Customer WordPress plugin. Root cause: improper authorization in the /install-plugin REST route allows authenticated users with subscriber-level or higher to install plugins from arbitrary remote locations, enabling potential code execution. Affected: FULL – Custo...
WordPress FULL Customer Plugin <= 2.2.3 is vulnerable to Sensitive Data Exposure
Software: FULL Customer; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.3; OWASP Top 10: A5: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2023-4242; Patch priority: Low; CVSS severity: Low (4.3); PSID: 83963600e826; Credits: Ramuel Gall; Required privilege...
WordPress FULL Customer Plugin <= 2.2.3 is vulnerable to Broken Access Control
Software: FULL Customer; Type: Plugin; Vulnerable versions: <= 2.2.3; Fixed in: 2.3; OWASP Top 10: A6: Security Misconfiguration; Classification: Broken Access Control; CVE: CVE-2023-4243; Patch priority: High; CVSS severity: High (8.8); PSID: 72dc4e55ce85; Credits: Ramuel Gall; Required privile...
CVE-2023-27422
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions...
PT-2023-28336 · WordPress · Full - Customer
Name of the Vulnerable Software and Affected Versions: The FULL - Customer plugin for WordPress versions up to, and including, 2.2.3. Description: The issue allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote...
PT-2023-28332 · WordPress · Full - Customer
Name of the Vulnerable Software and Affected Versions: The FULL - Customer plugin for WordPress versions up to, and including, 2.2.3. Description: The issue allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as...
VulnCheck KEV: CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
WordPress NS Coupon to Become Customer Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: NS Coupon to Become Customer; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27422; Patch priority: Low; CVSS severity: Low (5.9); PSID: a7da2829233a; Credits: Pavitra Tiwa...