Lucene search
+L

78 matches found

Patchstack
Patchstack
added 2024/04/18 12:0 a.m.14 views

WordPress EAN for WooCommerce Plugin <= 4.9.2 is vulnerable to Cross Site Scripting (XSS)

Software EAN for WooCommerce Type Plugin Vulnerable versions = 4.9.2 Fixed in 4.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6892 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 176bb636dd93 Credits Francesco Carlucci...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.6 views

PT-2024-15120 · WordPress · Ean For Woocommerce

Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.8.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'alg wc ean product meta' shortcode due to insufficient input sanitization and...

6.4CVSS6AI score0.0032EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

4.3CVSS5.3AI score0.00375EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2024/01/18 1:47 a.m.35 views

[SECURITY] Fedora 39 Update: zbar-0.23.93-1.fc39

ZBar Bar Code Reader is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code...

9.8CVSS9.7AI score0.01787EPSS
Exploits0
Fedora
Fedora
added 2024/01/18 1:26 a.m.22 views

[SECURITY] Fedora 38 Update: zbar-0.23.93-1.fc38

ZBar Bar Code Reader is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code...

9.8CVSS9.7AI score0.01787EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.8 views

WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

Description The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level acces...

4.3CVSS6.7AI score0.00357EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/10/20 7:15 a.m.32 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS4.3AI score0.00357EPSS
Exploits0References2
OSV
OSV
added 2023/10/20 7:15 a.m.6 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS7.3AI score0.00357EPSS
Exploits0References2
Prion
Prion
added 2023/10/20 7:15 a.m.17 views

Design/Logic Flaw

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4CVSS4.3AI score0.00357EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/20 6:35 a.m.8 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.5AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 2023/10/20 6:35 a.m.47 views

CVE-2023-4947

The CVE-2023-4947 entry concerns the WooCommerce EAN Payment Gateway plugin for WordPress. A missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0 allows authenticated attackers with contributor-level access or higher to modify EAN numbers on orders. The vulne...

4.3CVSS4.6AI score0.00357EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.37 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS4.6AI score0.00357EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.7 views

PT-2023-31235 · WordPress · Woocommerce Ean Payment Gateway

Name of the Vulnerable Software and Affected Versions: WooCommerce EAN Payment Gateway plugin for WordPress versions up to 6.1.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the refresh order ean data AJAX action. This allows...

4.3CVSS8.5AI score0.00357EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.19 views

WordPress WooCommerce EAN Payment Gateway Plugin < 6.1.0 is vulnerable to Broken Access Control

Software WooCommerce EAN Payment Gateway Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4947 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9bfa8f9c4e66 Credits Lana Codes Yan&C...

4.3CVSS6.9AI score0.00357EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2023/05/01 5:29 p.m.6 views

ean-online.com Cross Site Scripting vulnerability OBB-3286151

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6AI score
Exploits0
NVD
NVD
added 2023/02/06 8:15 p.m.23 views

CVE-2023-0062

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00573EPSS
Exploits2References1
Prion
Prion
added 2023/02/06 8:15 p.m.21 views

Cross site scripting

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.4AI score0.00573EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.8 views

CVE-2023-0062 EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.1AI score0.00573EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.25 views

CVE-2023-0062 EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.6AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.68 views

CVE-2023-0062

CVE-2023-0062 affects the WordPress plugin “EAN for WooCommerce” prior to version 4.4.3. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before echoing them on pages/posts containing the shortcode, enabling stored XSS for users with the Contri...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder