56 matches found
CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...
WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-25133 · WordPress · Woocommerce Pre-Orders
Name of the Vulnerable Software and Affected Versions: WooCommerce Pre-Orders WordPress plugin versions prior to 2.0.3 Description: The issue is related to a flawed CSRF check when processing tab actions. This could allow attackers to make logged-in admins perform unintended actions, such as...
WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...
WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack PoC Make a logged in admin open the URL below 42 being a pre-order to be canceled...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks Make a logged in admin open an HTML page...
WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack Make a logged in admin open the URL below 42 being a pre-order to be canceled...
WooCommerce Pre-Orders < 2.0.2 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC When there is at least one pre-order, make a logged in admin open the URL below...
WooCommerce Pre-Orders < 2.0.2 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin When there is at least one pre-order, make a logged in admin open the URL below...
WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS
The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...
WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS
The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks woocommercepreordercountdown productid="64"...
WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Pre-Orders Type Plugin Vulnerable versions = 1.9.0 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32802 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 410dcc0b8c9c Credits Rafie...
WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Pre-Orders Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32793 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 835a4691203f Credits Rafie Muhammad...
New Samsung Galaxy S10 review and features
By Uzair Amir The all new Samsung Galaxy S10 family has been released by Samsung on 8th March, 2019 and despite the high price & a lazy start, the Galaxy S10 has made a record in pre-orders for Samsung in the US. When the pre-orders for Samsung Galaxy S10 family began, there were rumors and...
Julian Assange's Book 'Cypherpunks' - Freedom and the Future of the Internet
Julian Assange publish a book based on his interview "Cypherpunks" on "The World Tomorrow", his controversial talk show, with the people he believes know the solution to the problems of privacy and freedom. The book called 'Cypherpunks: Freedom and the Future of the Internet,' was written by...