17 matches found
EUVD-2022-42831
Malicious code in bioql PyPI...
WordPress WooCommerce Multiple Free Gift plugin <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability
Insufficient Server-Side Validation to Arbitrary Gift Adding vulnerability discovered by Danielius Vargonas in WordPress Plugin WooCommerce Multiple Free Gift versions = 1.2.3...
WordPress WooCommerce Multiple Free Gift Plugin <= 1.2.3 is vulnerable to Bypass Vulnerability
Software WooCommerce Multiple Free Gift Type Plugin Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-3459 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4aced825e176 Credits Danielius Vargonas...
CVE-2022-3459
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...
CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...
CVE-2022-3459
CVE-2022-3459 affects the WordPress plugin WooCommerce Multiple Free Gift (versions up to and including 1.2.3). The issue is insufficient server‑side validation of which products can be gifted, allowing unauthenticated attackers to add non‑gift items as gifts (gift manipulation). CVSS v3.1 base s...
CVE-2022-3459 WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add...
WordPress plugin WooCommerce Multiple Free Gift 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exis...
PT-2024-11594 · WordPress · Woocommerce Multiple Free Gift
Name of the Vulnerable Software and Affected Versions: WooCommerce Multiple Free Gift plugin for WordPress versions up to, and including, 1.2.3 Description: The issue arises from the plugin not enforcing server-side checks on the products that can be added as a gift. This allows unauthenticated...
Malicious code in tricks_updated_xbox_unlimited_giftcards__generator_for_free-zart5 (npm)
--- -= Per source details. Do not edit below this line.=-...
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks
Cybercriminals are tapping into Amazon’s annual discount shopping campaign for subscribers, Prime Day, with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and...
FeaturePoints: Free Gift Cards - BSD license, Base64 encoded String, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application FeaturePoints: Free Gift Cards published at the 'play' market has multiple vulnerabilities...
AdvertApp: Free Gift Card - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application AdvertApp: Free Gift Card published at the 'play' market has multiple vulnerabilities...
Joy Rewards - Free Gift Cards - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Joy Rewards - Free Gift Cards published at the 'play' market has multiple vulnerabilities...
TapLoot - Free Gift Cards! - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application TapLoot - Free Gift Cards! published at the 'play' market has multiple vulnerabilities...
GrabPoints - Free Gift Cards - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application GrabPoints - Free Gift Cards published at the 'play' market has multiple vulnerabilities...
CVE-2014-5573
The CVE concerns the Android app “The Appstros - FREE Gift Cards!” (package com.appstros.main, version 1.1.3). It states that the app does not verify X.509 certificates from SSL servers, enabling a man-in-the-middle to spoof servers and capture sensitive information via a crafted certificate. The...