4 matches found
CVE-2026-3462
CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...
PT-2026-53057
Name of the Vulnerable Software and Affected Versions: Frisbii Pay versions prior to 1.9.0 Description: Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...
CVE-2024-2752
The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
PT-2024-21929 · WordPress · Where Did You Hear About Us Checkout Field For Woocommerce
Name of the Vulnerable Software and Affected Versions: Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via order meta due to insufficient input sanitization and...