Lucene search
+L

69 matches found

ptsecurity
ptsecurity
added 2024/11/13 12:0 a.m.11 views

PT-2024-16591 · WordPress · Buy One Click Woocommerce Plugin

Name of the Vulnerable Software and Affected Versions: Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 Description: The issue arises from a missing capability check on the buy one click export options AJAX action, allowing authenticated attackers with...

4.3CVSS9AI score0.00388EPSS
Exploits0References6
osv
osv
added 2024/08/15 5:15 p.m.2 views

CVE-2024-42966

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...

9.8CVSS5.8AI score0.00609EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/08/15 12:0 a.m.5 views

TOTOLINK LR350 安全漏洞

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...

9.8CVSS6.8AI score0.00604EPSS
Exploits1References2
cnnvd
cnnvd
added 2024/08/15 12:0 a.m.5 views

TOTOLINK N350RT 安全漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability ar...

9.8CVSS6.8AI score0.00609EPSS
Exploits1References2
osv
osv
added 2024/07/28 11:15 a.m.4 views

CVE-2024-7156

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack m...

7.5CVSS4.8AI score0.13339EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/07/28 12:0 a.m.7 views

PT-2024-38118 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A vulnerability was found in the apmib Configuration Handler component, specifically affecting some unknown functionality of the file /cgi-bin/ExportSettings.sh. This issue leads to...

7.5CVSS5.4AI score0.13339EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2024/06/24 12:0 a.m.8 views

PT-2024-28264 · Wavlink · Wavlink Wn551K1

Name of the Vulnerable Software and Affected Versions: Wavlink WN551K1 affected versions not specified Description: The issue allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. Recommendations: At the moment, there is no information about a newer...

6.5CVSS6.7AI score0.00395EPSS
Exploits1References4
osv
osv
added 2024/06/06 8:15 a.m.7 views

CVE-2024-5665

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.9AI score0.00362EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/06/06 12:0 a.m.5 views

WordPress plugin Login/Signup Popup ( Inline Form + Woocommerce) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

4.3CVSS6.6AI score0.00362EPSS
Exploits0References4
cnvd
cnvd
added 2024/04/10 12:0 a.m.1 views

Unspecified vulnerability in TOTOLINK EX200 ExportSettings.sh file

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A security vulnerability exists in the TOTOLINK EX200, which stems from improper privilege...

9.1CVSS6.9AI score0.00584EPSS
Exploits1References1
osv
osv
added 2024/04/08 1:15 p.m.4 views

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...

9.1CVSS5.8AI score0.00584EPSS
Exploits1References1
osv
osv
added 2024/02/29 1:43 a.m.4 views

CVE-2024-1340

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...

5.4CVSS5.8AI score0.00393EPSS
Exploits1References3
osv
osv
added 2024/02/27 1:15 a.m.3 views

CVE-2024-22543

An issue was discovered in Linksys Router E1700 1.0.04 build 3, allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/ URI or via the ExportSettings function...

6.1CVSS5.8AI score0.01214EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/02/27 12:0 a.m.5 views

Linksys E1700 Security Breach

Linksys E1700 is a wireless router from Linksys USA. A security vulnerability exists in Linksys E1700 version 1.0.04. An attacker can exploit the vulnerability to escalate privileges via a specially crafted GET request to the /goform/ URI or via the ExportSettings function...

6.1CVSS7.1AI score0.01214EPSS
Exploits1References2
osv
osv
added 2024/01/11 9:15 a.m.3 views

CVE-2023-6496

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the cardfamneexportsettings function. This makes it possible for unauthenticated attackers to obtain plugin settings...

5.3CVSS7.3AI score0.00459EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/01/11 12:0 a.m.6 views

PT-2024-14974 · WordPress · Manage Notification E-Mails Plugin

Name of the Vulnerable Software and Affected Versions: Manage Notification E-mails plugin for WordPress versions up to, and including, 1.8.5 Description: The issue concerns Missing Authorization, allowing unauthenticated attackers to obtain plugin settings via the card famne export settings...

5.3CVSS6AI score0.00459EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/10/20 12:0 a.m.4 views

WordPress Plugin WooCommerce Dynamic Pricing and Discounts Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.7AI score0.00588EPSS
Exploits1References3
nvd
nvd
added 2023/07/01 4:15 a.m.28 views

CVE-2020-36736

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

4.3CVSS4.2AI score0.00458EPSS
Exploits1References9
prion
prion
added 2023/07/01 4:15 a.m.19 views

Cross site request forgery (csrf)

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

4.3CVSS4.3AI score0.00458EPSS
Exploits1References9Affected Software1
cnnvd
cnnvd
added 2023/07/01 12:0 a.m.6 views

WordPress Plugin Import / Export Customizer Settings 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS5AI score0.00458EPSS
Exploits1References10
Rows per page
Query Builder