Lucene search
K

11 matches found

CVE
CVE
added 2025/12/22 6:57 p.m.22 views

CVE-2025-15033

CVE-2025-15033 affects WooCommerce core 8.1–10.4.2 under a specific site configuration, allowing logged-in customers to view guest order data. The issue is mitigated by patches in 10.4.3 and backported to 8.1.3; sites on 8.0 or earlier are not affected. If applicable, upgrade to 10.4.3 or 8.1.3+ ...

6.5CVSS6.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.36 views

CVE-2024-40633

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

5.3CVSS5.1AI score0.0038EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/18 8:45 a.m.20 views

Information Disclosure

sylius/sylius is vulnerable to Information Disclosure. The vulnerability is due to the /api/v2/shop/adjustments/id endpoint, which allows an attacker to enumerate valid adjustment IDs to retrieve order tokens and access sensitive guest customer information...

5.3CVSS6.9AI score0.0038EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/17 6:15 p.m.33 views

CVE-2024-40633

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

5.3CVSS0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/17 5:51 p.m.41 views

CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

5.3CVSS0.0038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/17 5:51 p.m.28 views

CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius

Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...

5.3CVSS6.6AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 2:32 p.m.19 views

GHSA-55RF-8Q29-4G43 Sylius has a security vulnerability via adjustments API endpoint

Impact A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can...

8.7CVSS5.9AI score0.0038EPSS
Exploits0References4
OSV
OSV
added 2024/02/27 5:15 p.m.7 views

CVE-2024-25841

In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...

5.9CVSS5.8AI score0.00385EPSS
Exploits1References2
NVD
NVD
added 2022/11/28 2:15 p.m.15 views

CVE-2022-3603

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

9.8CVSS0.01069EPSS
Exploits1References1
CVE
CVE
added 2022/11/28 1:47 p.m.78 views

CVE-2022-3603

The CVE-2022-3603 issue affects the WordPress plugin “Export customers list csv for WooCommerce” (and related WordPress export functionality). The vulnerability is due to lack of data validation when outputting data back into a CSV file, enabling CSV injection. Affected versions are prior to 2.0....

9.8CVSS9.7AI score0.01069EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.6 views

PT-2022-23127 · Woocommerce +1 · Export Customers List Csv For Woocommerce +2

Name of the Vulnerable Software and Affected Versions: Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin versions prior to 2.0.69 Description: The issue concerns a lack of data validation when outputting data back into a CSV file,...

9.8CVSS7.5AI score0.01069EPSS
Exploits1References5
Rows per page
Query Builder