Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.5 views

CVE-2024-13355

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS7AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 10:15 a.m.11 views

CVE-2024-13355

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS0.00357EPSS
Exploits0References2
Circl
Circl
added 2025/01/16 9:55 a.m.6 views

CVE-2024-13355

creationtimestamp| type| source ---|---|--- 2025-01-16 09:55:33+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1931 2025-01-16 09:59:30+00:00| seen| https://infosec.exchange/users/cve/statuses/113837445634562209 2025-01-16 10:15:53+00:00| seen|...

5.4CVSS7.3AI score0.00357EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/16 9:39 a.m.5 views

CVE-2024-13355 Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS7.1AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/16 9:39 a.m.16 views

CVE-2024-13355 Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...

5.4CVSS0.00357EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 9:39 a.m.49 views

CVE-2024-13355

CVE-2024-13355 affects the WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo. The vulnerability arises from insufficient file-type validation in the upload_file() function, affecting all versions up to and including 13.2. It enables authenticated attackers with ...

5.4CVSS5.8AI score0.00357EPSS
Exploits0References2
Rows per page
Query Builder