Lucene search
+L

96 matches found

CVE
CVE
added 2023/11/22 3:33 p.m.86 views

CVE-2023-2841

CVE-2023-2841 concerns the WordPress plugin Advanced Local Pickup for WooCommerce. The vulnerability is an SQL Injection via the id parameter in versions up to and including 1.5.5 due to insufficient escaping and query preparation. Exploitation requires Administrator-level privileges (authenticat...

7.2CVSS7.1AI score0.00602EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.7 views

WordPress Plugin Advanced Local Pickup for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2CVSS7.8AI score0.00602EPSS
Exploits0References4
CVE
CVE
added 2023/10/17 11:24 a.m.44 views

CVE-2023-45006

Summary of CVE-2023-45006 (WordPress ByConsole WooODT Lite) : An unauthenticated reflected Cross-Site Scripting (XSS) vulnerability exists in the ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin for WordPress, affecting versions

7.1CVSS6.1AI score0.00331EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2023/09/04 12:0 a.m.264 views

Bus Reservation System 1.1 - Multiple SQL injection Vulnerability

Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears to be vulnerable...

7.1AI score
Exploits0
OSV
OSV
added 2023/08/03 4:15 a.m.3 views

CVE-2023-4111

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickupid leads to cross site scripting. The attack may be launched remotely...

6.1CVSS3.9AI score0.02499EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2023/08/03 12:0 a.m.14 views

PT-2023-27793 · Phpjabbers · Phpjabbers Bus Reservation System

Name of the Vulnerable Software and Affected Versions: PHP Jabbers Bus Reservation System version 1.1 Description: A vulnerability was found in the PHP Jabbers Bus Reservation System, affecting some unknown functionality of the file /index.php. The manipulation of the pickup id argument in the...

6.1CVSS4.8AI score0.02499EPSS
Exploits3References6
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.8 views

Bus Reservation System Cross-Site Scripting Vulnerability

Bus Reservation System is a PHP Jabbers open source bus reservation system. PHP Jabbers Bus Reservation System version 1.1 cross-site scripting vulnerability , the vulnerability stems from the file /index.php parameter index/pickupid will lead to cross-site scripting...

6.1CVSS6.1AI score0.02499EPSS
Exploits3References5
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress Food Store – Online Food Delivery & Pickup Plugin <= 1.4.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Food Store – Online Food Delivery & Pickup Type Plugin Vulnerable versions = 1.4.7.4 Fixed in 1.4.7.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1205491a7a45 Credits...

6.3AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress Pickup & Delivery from Customer Locations for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Pickup & Delivery from Customer Locations for WooCommerce Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f03475fd0fa...

6.6AI score0.00284EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/26 6:15 a.m.4 views

CVE-2023-28991

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin = 3.0.19 versions...

4.8CVSS7.3AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/26 5:27 a.m.30 views

CVE-2023-28991 WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin = 3.0.19 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2023/06/26 5:27 a.m.43 views

CVE-2023-28991

CVE-2023-28991 corresponds to a Stored XSS vulnerability in the PI Websolution Order date, Order pickup, Order date time, Pickup Location, and delivery date components of the WP plugin for WooCommerce, affected

5.9CVSS5AI score0.00369EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/05/08 2:15 p.m.21 views

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS4.7AI score0.00442EPSS
Exploits2References1
OSV
OSV
added 2023/05/08 2:15 p.m.8 views

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS6.6AI score0.00442EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/08 1:58 p.m.35 views

CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.9AI score0.00442EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

WordPress plugin Pickup | Delivery | Dine-in date time 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site...

4.8CVSS6.3AI score0.00442EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/18 12:0 a.m.10 views

WordPress Pickup | Delivery | Dine-in date time Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Pickup | Delivery | Dine-in date time Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0894 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b34002e286cc Credits Sajj...

4.8CVSS6AI score0.00442EPSS
Exploits2References3Affected Software1
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

Draw organizer can time draws so that user's have the illusion of fair random, but draw can be cancelled.

Lines of code Vulnerability details Description In RandomDraw, host can call startDraw or redraw to request a Chainlink random number, which will be used to select the winning user. They may then collect the prize NFT using winnerClaimNFT. The issue is that in the two draw functions, it is never...

6.7AI score
Exploits0
OSV
OSV
added 2022/05/24 5:0 p.m.14 views

GHSA-85XW-3HP5-6FMC Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...

5.4CVSS5.4AI score0.00556EPSS
Exploits0References5
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Food Store – Online Food Delivery & Pickup plugin <= 1.3.14 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Food Store – Online Food Delivery & Pickup plugin versions = 1.3.14. Solution Update the WordPress Food Store – Online Food Delivery & Pickup plugin to the latest available version at least 1.4...

2.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder