Lucene search
K

129 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:53 a.m.6 views

CVE-2023-4948

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS5.9AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.8 views

CVE-2023-5132

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...

7.5CVSS5.9AI score0.00606EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 7:15 a.m.28 views

CVE-2024-13623

The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads...

5.9CVSS0.00451EPSS
Exploits0References3
CVE
CVE
added 2025/01/31 6:40 a.m.48 views

CVE-2024-13623

The CVE-2024-13623 issue affects the WordPress plugin Order Export for WooCommerce. It allows unauthenticated attackers to exfiltrate sensitive data stored in the uploads directory, applicable to all versions up to 3.24. The vulnerability is conditional: it exists when Order data storage is set t...

5.9CVSS5.6AI score0.00451EPSS
Exploits0References3
OSV
OSV
added 2025/01/30 7:15 a.m.3 views

CVE-2024-13457

The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view ord...

5.3CVSS7.3AI score0.00311EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/04 12:0 a.m.4 views

MRW plugin information disclosure vulnerability

MRW plugin is a logistics transportation and services plugin from MRW Spain. An information disclosure vulnerability exists in MRW plugin version 5.4.3. A remote attacker could use this vulnerability to obtain order information from other customers and access sensitive information such as names a...

8.2CVSS6.2AI score0.00502EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.21 views

CVE-2023-6214

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchasedproducts function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7...

7.5CVSS7.3AI score0.00614EPSS
Exploits0References3
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2023-6214

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchasedproducts function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7...

7.5CVSS5.8AI score0.00614EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.11 views

HT Mega < 2.4.7 - Unauthenticated Order Data Disclosure

Description The plugin is vulnerable to Sensitive Information Exposure via the purchasedproducts function, allowing unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII...

7.5CVSS6.6AI score0.00614EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

5.4CVSS5.8AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2024/02/27 6:15 a.m.3 views

CVE-2024-1686

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the applylayout function due to a missing capability check. This makes it possible for authenticated attackers, with...

6.5CVSS7.4AI score0.00406EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.10 views

PT-2024-18222 · WordPress · The Thank You Page Customizer For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to missing authorization in the plugin, specifically due to a missing capability...

6.5CVSS9.2AI score0.00406EPSS
Exploits0References6
OSV
OSV
added 2023/11/27 11:15 p.m.6 views

CVE-2023-46355

In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References1
OSV
OSV
added 2023/10/21 2:15 a.m.8 views

CVE-2023-5132

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...

7.5CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/21 1:53 a.m.3 views

CVE-2023-5132 Soisy Pagamento Rateale <= 6.0.1 - Missing Authorization to Sensitive Information Exposure

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References3
OSV
OSV
added 2023/10/20 7:15 a.m.5 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS7.3AI score0.00357EPSS
Exploits0References2
OSV
OSV
added 2023/10/20 7:15 a.m.5 views

CVE-2021-4335

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...

6.3CVSS5.9AI score0.00401EPSS
Exploits0References2
OSV
OSV
added 2023/10/19 6:15 a.m.3 views

CVE-2023-5254

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcldwbchatbotcheckuser function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site ...

5.3CVSS7.2AI score0.00767EPSS
Exploits1References3
NVD
NVD
added 2023/09/27 3:19 p.m.19 views

CVE-2023-43610

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor without setting authority or higher privilege to perform unintended database operations...

8.8CVSS8.9AI score0.00909EPSS
Exploits0References2
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

CVE-2023-43614

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.1CVSS5.9AI score0.00621EPSS
Exploits0References2
Rows per page
Query Builder