2 matches found
WordPress Auto Mail - Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Plugin < 1.1.78 is vulnerable to Cross Site Scripting (XSS)
Software Auto Mail - Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Type Plugin Vulnerable versions 1.1.78 Fixed in 1.1.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1...
CVE-2022-2389
The CVE-2022-2389 entry concerns the WordPress plugin Autonami (Automations By Autonami) for WooCommerce. Prior to version 2.1.2, one AJAX action lacked proper authorization and CSRF checks, allowing any authenticated user (e.g., subscribers) to create automations. This is corroborated across mul...