20 matches found
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
CVE-2025-13452
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13389
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
CVE-2025-13452
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
EUVD-2025-199580
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability
Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin OrderConvo versions = 14...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
CVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162 OrderConvo < 14 - Unauthenticated Arbitrary File Read
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2025-10162
The CVE-2025-10162 issue affects the OrderConvo WordPress plugin (Admin and Customer Messages After Order for WooCommerce) prior to v14. It stems from unvalidated file paths during downloads, enabling an unauthenticated attacker to read/download arbitrary files via a path traversal attack. Result...
EUVD-2025-32606
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
CVE-2024-13355
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the uploadfile function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, wi...
WordPress plugin Admin and Customer Messages After Order for WooCommerce: OrderConvo 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Admin and Customer Messag...
WordPress OrderConvo plugin <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting vulnerability
Authenticated Subscriber+ Limited File Upload to Cross-Site Scripting vulnerability discovered by 1337Wannabe in WordPress Plugin OrderConvo versions = 13.2...
WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
Unauthenticated API Access to Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin OrderConvo versions = 12.4...