96 matches found
CVE-2023-2841
CVE-2023-2841 concerns the WordPress plugin Advanced Local Pickup for WooCommerce. The vulnerability is an SQL Injection via the id parameter in versions up to and including 1.5.5 due to insufficient escaping and query preparation. Exploitation requires Administrator-level privileges (authenticat...
WordPress Plugin Advanced Local Pickup for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-45006
Summary of CVE-2023-45006 (WordPress ByConsole WooODT Lite) : An unauthenticated reflected Cross-Site Scripting (XSS) vulnerability exists in the ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin for WordPress, affecting versions
Bus Reservation System 1.1 - Multiple SQL injection Vulnerability
Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears to be vulnerable...
CVE-2023-4111
A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickupid leads to cross site scripting. The attack may be launched remotely...
PT-2023-27793 · Phpjabbers · Phpjabbers Bus Reservation System
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Bus Reservation System version 1.1 Description: A vulnerability was found in the PHP Jabbers Bus Reservation System, affecting some unknown functionality of the file /index.php. The manipulation of the pickup id argument in the...
Bus Reservation System Cross-Site Scripting Vulnerability
Bus Reservation System is a PHP Jabbers open source bus reservation system. PHP Jabbers Bus Reservation System version 1.1 cross-site scripting vulnerability , the vulnerability stems from the file /index.php parameter index/pickupid will lead to cross-site scripting...
WordPress Food Store – Online Food Delivery & Pickup Plugin <= 1.4.7.4 is vulnerable to Cross Site Scripting (XSS)
Software Food Store – Online Food Delivery & Pickup Type Plugin Vulnerable versions = 1.4.7.4 Fixed in 1.4.7.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1205491a7a45 Credits...
WordPress Pickup & Delivery from Customer Locations for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Pickup & Delivery from Customer Locations for WooCommerce Type Plugin Vulnerable versions = 1.0.4 Fixed in 1.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f03475fd0fa...
CVE-2023-28991
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin = 3.0.19 versions...
CVE-2023-28991 WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin = 3.0.19 versions...
CVE-2023-28991
CVE-2023-28991 corresponds to a Stored XSS vulnerability in the PI Websolution Order date, Order pickup, Order date time, Pickup Location, and delivery date components of the WP plugin for WooCommerce, affected
CVE-2023-0894
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2023-0894
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
WordPress plugin Pickup | Delivery | Dine-in date time 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site...
WordPress Pickup | Delivery | Dine-in date time Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Pickup | Delivery | Dine-in date time Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0894 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b34002e286cc Credits Sajj...
Draw organizer can time draws so that user's have the illusion of fair random, but draw can be cancelled.
Lines of code Vulnerability details Description In RandomDraw, host can call startDraw or redraw to request a Chainlink random number, which will be used to select the winning user. They may then collect the prize NFT using winnerClaimNFT. The issue is that in the two draw functions, it is never...
GHSA-85XW-3HP5-6FMC Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...
WordPress Food Store – Online Food Delivery & Pickup plugin <= 1.3.14 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Food Store – Online Food Delivery & Pickup plugin versions = 1.3.14. Solution Update the WordPress Food Store – Online Food Delivery & Pickup plugin to the latest available version at least 1.4...