Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.5 views

CVE-2024-12220

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forg...

6.1CVSS6.4AI score0.00221EPSS
Exploits0References1
CVE
CVE
added 2024/12/17 7:23 a.m.44 views

CVE-2024-12220

CVE-2024-12220 involves the WordPress plugin “SMS for WooCommerce”. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to 2.8.1 caused by missing or incorrect nonce validation on a function. This enables unauthenticated attackers to inject malicious web scripts by trickin...

6.1CVSS6AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/17 7:23 a.m.17 views

CVE-2024-12220 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forg...

6.1CVSS0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/17 7:23 a.m.7 views

CVE-2024-12220 SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forg...

6.1CVSS6.7AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder