11 matches found
CVE-2025-15033
CVE-2025-15033 affects WooCommerce core 8.1–10.4.2 under a specific site configuration, allowing logged-in customers to view guest order data. The issue is mitigated by patches in 10.4.3 and backported to 8.1.3; sites on 8.0 or earlier are not affected. If applicable, upgrade to 10.4.3 or 8.1.3+ ...
CVE-2024-40633
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
Information Disclosure
sylius/sylius is vulnerable to Information Disclosure. The vulnerability is due to the /api/v2/shop/adjustments/id endpoint, which allows an attacker to enumerate valid adjustment IDs to retrieve order tokens and access sensitive guest customer information...
CVE-2024-40633
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
CVE-2024-40633 Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve ord...
GHSA-55RF-8Q29-4G43 Sylius has a security vulnerability via adjustments API endpoint
Impact A security vulnerability was discovered in the /api/v2/shop/adjustments/id endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can...
CVE-2024-25841
In the module "So Flexibilite" soflexibilite from Common-Services for PrestaShop 4.1.26, a guest authenticated customer can perform Cross Site Scripting XSS injection...
CVE-2022-3603
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
CVE-2022-3603
The CVE-2022-3603 issue affects the WordPress plugin “Export customers list csv for WooCommerce” (and related WordPress export functionality). The vulnerability is due to lack of data validation when outputting data back into a CSV file, enabling CSV injection. Affected versions are prior to 2.0....
PT-2022-23127 · Woocommerce +1 · Export Customers List Csv For Woocommerce +2
Name of the Vulnerable Software and Affected Versions: Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin versions prior to 2.0.69 Description: The issue concerns a lack of data validation when outputting data back into a CSV file,...