Lucene search
+L

211 matches found

CVE
CVE
added 2024/09/24 12:0 a.m.57 views

CVE-2023-26689

Summary: CVE-2023-26689 affects CS-Cart MultiVendor 4.16.1, where an attacker can alter arbitrary user account profiles via crafted POST requests. Root cause: insufficient authorization for profile editing. Impact is high (CVE score 9.8). Remediation guidance from related sources suggests disabli...

9.8CVSS7.2AI score0.0062EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.22 views

CVE-2023-26686

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...

0.00711EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.36 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

0.0128EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.21 views

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...

0.0062EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.31 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

0.00684EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.11 views

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

6.3AI score0.00423EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.46 views

CVE-2023-26688

CVE-2023-26688 pertains to CS-Cart MultiVendor 4.16.1, where a Cross Site Scripting (XSS) flaw exists in the administration interface. The vulnerability is triggered via the product_data parameter in the add/edit product workflow, potentially allowing remote attackers to execute arbitrary code. T...

5.4CVSS6.3AI score0.00423EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.16 views

CVE-2023-26691

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...

0.01245EPSS
Exploits1References2
CVE
CVE
added 2024/09/24 12:0 a.m.61 views

CVE-2023-26686

CVE-2023-26686 : CS-Cart MultiVendor 4.16.1 has a file-upload vulnerability in the image upload feature used during shop customization, enabling remote attackers to execute arbitrary code. The root cause is not explicitly detailed beyond noting a file upload flaw; no exploitation specifics or mit...

9.8CVSS7.6AI score0.00711EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.6 views

PT-2024-12110 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: An issue in CS-Cart MultiVendor allows attackers to alter arbitrary user account profiles via crafted post requests. Recommendations: For CS-Cart MultiVendor version 4.16.1, consider disabling...

9.8CVSS7.3AI score0.0062EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.20 views

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

7.5AI score0.00684EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.12 views

PT-2024-12112 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: A Directory Traversal vulnerability allows remote attackers to run arbitrary code via a crafted zip file when installing a new add-on. This issue enables attackers to potentially execute malicio...

7.2CVSS8AI score0.01245EPSS
Exploits1References7
CVE
CVE
added 2024/09/24 12:0 a.m.67 views

CVE-2023-26691

CVE-2023-26691 affects CS-Cart MultiVendor 4.16.1. A Directory Traversal vulnerability in the add-on installation ZIP processing may allow remote code execution when installing a new add-on. Affected software: CS-Cart MultiVendor 4.16.1. Impact stated: remote arbitrary code execution via crafted ...

7.2CVSS7.5AI score0.01245EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.13 views

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

6.5AI score0.0128EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 9:34 a.m.68 views

CVE-2024-5259

CVE-2024-5259 affects the MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress. It allows Stored XSS via the hover_animation parameter in all versions up to 4.1.11, enabling authenticated attackers with Contributor-level access or higher to inject scripts o...

6.4CVSS5.5AI score0.00321EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/12/20 5:27 p.m.4 views

CVE-2023-26525 WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...

7.1CVSS7.2AI score0.0057EPSS
Exploits0References4
CVE
CVE
added 2023/12/19 7:40 p.m.41 views

CVE-2023-34382

The Dokan WordPress plugin (Dokan – Best WooCommerce Multivendor Marketplace Solution) is affected up to version 3.7.19. The issue is a PHP Object Injection due to insecure deserialization of untrusted data in the plugin’s codebase. This vulnerability can impact confidentiality, integrity, and av...

8.8CVSS8.1AI score0.00689EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/19 7:40 p.m.4 views

CVE-2023-34382 WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...

4.4CVSS7.2AI score0.00689EPSS
Exploits0References4
NVD
NVD
added 2023/06/09 6:16 a.m.19 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS4.5AI score0.00466EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.5 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References6
Rows per page
Query Builder