52 matches found
Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. - Install the plugin and WooCommerce, whic...
WordPress PPOM for WooCommerce plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress PPOM for WooCommerce plugin...
CVE-2021-25018
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...
CVE-2021-25018
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...
CVE-2021-25018
CVE-2021-25018 concerns the PPOM for WooCommerce WordPress plugin (versions before 24.0). The issue is lack of authorization and CSRF checks in the ppom_settings_panel_action AJAX endpoint, allowing an authenticated user to update arbitrary settings. Combined with insufficient sanitisation/escapi...
CVE-2021-25018 PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...
WordPress 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress PPOM for WooCommerce plugin...
PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues PoC 1. Use the new settings panel...
PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues 1. Use the new settings panel framewor...
WordPress PPOM for WooCommerce plugin <= 23.9 - Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Settings Update vulnerability leading to Stored Cross-Site Scripting XSS discovered by Krzysztof Zając in WordPress PPOM for WooCommerce plugin versions = 23.9. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 24.0...
WordPress PPOM for WooCommerce plugin <= 18.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found in WordPress PPOM for WooCommerce plugin versions = 18.3. Solution Update the WordPress PPOM for WooCommerce plugin to the latest available version at least 18.4...
WooCommerce Product Addons <= 1.1 - Arbitrary File Upload
The PPOM for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...