20 matches found
EUVD-2023-37479
Malicious code in bioql PyPI...
EUVD-2023-37482
Malicious code in bioql PyPI...
CVE-2023-33318 WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40...
CVE-2023-33330 WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50...
CVE-2023-33330 WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50...
CVE-2023-33316
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Follow-Up Emails AutomateWoo plugin = 4.9.40 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Follow-Up Emails AutomateWoo plugin = 4.9.40 versions...
CVE-2023-33319
CVE-2023-33319: Unauth. Reflected Cross-Site Scripting in the WooCommerce Follow-Up Emails (AutomateWoo) plugin, affecting versions up to and including 4.9.40. The vulnerability is an unauthenticated XSS that can be triggered via user-controlled input reflected in the response. Patchstack lists a...
CVE-2023-33316 WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Follow-Up Emails AutomateWoo plugin = 4.9.40 versions...
CVE-2023-33316 WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in WooCommerce WooCommerce Follow-Up Emails AutomateWoo plugin = 4.9.40 versions...
CVE-2023-33316
CVE-2023-33316 is a CSRF vulnerability in the WooCommerce Follow-Up Emails (AutomateWoo) WordPress plugin, affecting versions
WordPress plugin WooCommerce Follow-Up Emails 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-24290 · WordPress · Woocommerce Follow-Up Emails
Name of the Vulnerable Software and Affected Versions: WooCommerce Follow-Up Emails AutomateWoo plugin versions prior to 4.9.41 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker could potentially inject malicious scripts...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection
Software WooCommerce Follow-Up Emails Type Plugin Vulnerable versions = 4.9.50 Fixed in 4.9.51 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-33330 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7a94f72827ab Credits Rafie Muhammad Patchstack Required...
WooCommerce Follow-Up Emails < 4.9.50 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload
Software WooCommerce Follow-Up Emails Type Plugin Vulnerable versions = 4.9.40 Fixed in 4.9.50 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-33318 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID c6e0ffcab096 Credits Rafie Muhammad...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce Follow-Up Emails Type Plugin Vulnerable versions = 4.9.40 Fixed in 4.9.50 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-33316 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0e0bdd6cea04 Credits Rafi...
WooCommerce Follow-Up Emails < 4.9.50 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Follow-Up Emails Type Plugin Vulnerable versions = 4.9.40 Fixed in 4.9.50 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33319 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da1adfccae00 Credits...
CVE-2022-2389
The CVE-2022-2389 entry concerns the WordPress plugin Autonami (Automations By Autonami) for WooCommerce. Prior to version 2.1.2, one AJAX action lacked proper authorization and CSRF checks, allowing any authenticated user (e.g., subscribers) to create automations. This is corroborated across mul...