Lucene search
K

52 matches found

wpexploit
wpexploit
added 2023/04/24 12:0 a.m.407 views

Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. - Install the plugin and WooCommerce, whic...

4.8CVSS5.5AI score0.00461EPSS
Exploits2
CNVD
CNVD
added 2022/02/16 12:0 a.m.25 views

WordPress PPOM for WooCommerce plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress PPOM for WooCommerce plugin...

5.4CVSS2AI score0.00524EPSS
Exploits2References1
NVD
NVD
added 2022/02/14 12:15 p.m.26 views

CVE-2021-25018

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...

5.4CVSS0.00524EPSS
Exploits2References1
OSV
OSV
added 2022/02/14 12:15 p.m.3 views

CVE-2021-25018

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...

5.4CVSS5.9AI score0.00524EPSS
Exploits2References1
CVE
CVE
added 2022/02/14 9:20 a.m.104 views

CVE-2021-25018

CVE-2021-25018 concerns the PPOM for WooCommerce WordPress plugin (versions before 24.0). The issue is lack of authorization and CSRF checks in the ppom_settings_panel_action AJAX endpoint, allowing an authenticated user to update arbitrary settings. Combined with insufficient sanitisation/escapi...

5.4CVSS5.3AI score0.00524EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/14 9:20 a.m.28 views

CVE-2021-25018 PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...

5.5AI score0.00524EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.7 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress PPOM for WooCommerce plugin...

5.4CVSS5.6AI score0.00524EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/01/17 12:0 a.m.30 views

PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues PoC 1. Use the new settings panel...

5.4CVSS0.4AI score0.00524EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/01/17 12:0 a.m.523 views

PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues 1. Use the new settings panel framewor...

5.4CVSS0.5AI score0.00524EPSS
Exploits2
Patchstack
Patchstack
added 2022/01/17 12:0 a.m.30 views

WordPress PPOM for WooCommerce plugin <= 23.9 - Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)

Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress PPOM for WooCommerce plugin versions = 23.9. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 24.0...

5.4CVSS2AI score0.00524EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2019/08/12 12:0 a.m.8 views

WordPress PPOM for WooCommerce plugin <= 18.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found in WordPress PPOM for WooCommerce plugin versions = 18.3. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 18.4...

1.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2016/09/19 12:0 a.m.9 views

WooCommerce Product Addons <= 1.1 - Arbitrary File Upload

The PPOM for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

2.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder