Lucene search
+L

140 matches found

CVE
CVE
added 2024/02/21 3:36 a.m.77 views

CVE-2024-1562

The vulnerability CVE-2024-1562 affects the WooCommerce Google Sheet Connector plugin for WordPress. All versions up to and including 1.3.11 are susceptible to unauthorized modification of data due to a missing capability check in the execute_post_data function, enabling unauthenticated attackers...

5.3CVSS5.4AI score0.00431EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.5 views

WordPress Plugin WooCommerce Google Sheet Connector Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS8.6AI score0.00431EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/02/21 12:0 a.m.10 views

WordPress WooCommerce Google Sheet Connector Plugin <= 1.3.11 is vulnerable to Broken Access Control

Software WooCommerce Google Sheet Connector Type Plugin Vulnerable versions = 1.3.11 Fixed in 1.3.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1562 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a751d510280b Credits Francesco...

5.3CVSS6.5AI score0.00431EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.8 views

PT-2024-18133 · WordPress · Woocommerce Google Sheet Connector

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector plugin for WordPress versions up to, and including, 1.3.11 Description: The issue allows unauthorized modification of data due to a missing capability check on the execute post data function. This makes it...

5.3CVSS6.1AI score0.00431EPSS
Exploits0References6
Veracode
Veracode
added 2023/10/23 10:42 a.m.208 views

Information Disclosure

github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially expose the Google Sheet API-key that is configured for the data...

7.5CVSS6.8AI score0.00389EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.4 views

WordPress WordPress WooCommerce Sync for Google Sheet Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software WordPress WooCommerce Sync for Google Sheet Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 80c24732fce2 Credits Rafie Muhamm...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.5 views

WordPress Google Sheet Connector for Easy Digital Downloads Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Google Sheet Connector for Easy Digital Downloads Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2b571060efb4 Credits...

6.9AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress Elementor Forms Google Sheet Connector Plugin < 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Elementor Forms Google Sheet Connector Type Plugin Vulnerable versions 1.0.9 Fixed in 1.0.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 998b2d169caf Credits Rafie...

6.5AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.10 views

WordPress Ninja Forms Google Sheet Connector Plugin < 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Ninja Forms Google Sheet Connector Type Plugin Vulnerable versions 1.2.8 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6596a374e7d4 Credits Rafie Muhammad...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress WooCommerce Google Sheet Connector Plugin < 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Google Sheet Connector Type Plugin Vulnerable versions 1.3.5 Fixed in 1.3.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b09a38dc4e5c Credits Rafie Muhammad...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/17 2:15 p.m.28 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8CVSS0.00389EPSS
Exploits2References1
OSV
OSV
added 2023/07/17 2:15 p.m.3 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8CVSS6AI score0.00389EPSS
Exploits2References1
Prion
Prion
added 2023/07/17 2:15 p.m.28 views

Cross site request forgery (csrf)

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

6.8CVSS8.6AI score0.00389EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/07/17 1:29 p.m.37 views

CVE-2023-2329 WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8AI score0.00389EPSS
Exploits2References1
CVE
CVE
added 2023/07/17 1:29 p.m.55 views

CVE-2023-2329

The CVE-2023-2329 entry corresponds to a CSRF vulnerability in the WooCommerce Google Sheet Connector WordPress plugin (versions before 1.3.6). The issue is a lack of CSRF protection when updating the Access Code, which could let an attacker, via CSRF, cause a logged-in administrator to change th...

8.8CVSS8.6AI score0.00389EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 1:29 p.m.15 views

CVE-2023-2329 WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

6.9AI score0.00389EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.6 views

WordPress plugin WooCommerce Google Sheet Connector 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

8.8CVSS8.5AI score0.00389EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.8 views

PT-2023-18888

Name of the Vulnerable Software and Affected Versions WooCommerce Google Sheet Connector WordPress plugin versions prior to 1.3.6 Description The issue concerns a lack of CSRF check when updating the Access Code, allowing attackers to potentially make logged-in admins change the access code to an...

8.8CVSS7.3AI score0.00389EPSS
Exploits2References4
OSV
OSV
added 2023/07/04 8:15 a.m.5 views

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

6.1CVSS7.3AI score0.00458EPSS
Exploits1References1
NVD
NVD
added 2023/07/04 8:15 a.m.31 views

CVE-2023-2333

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...

6.1CVSS6AI score0.00717EPSS
Exploits1References1
Rows per page
Query Builder