Lucene search
K

56 matches found

Vulnrichment
Vulnrichment
added 2023/07/31 9:37 a.m.10 views

CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

6.4AI score0.00261EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.6 views

WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.5CVSS7.6AI score0.00261EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.5 views

PT-2023-25133 · WordPress · Woocommerce Pre-Orders

Name of the Vulnerable Software and Affected Versions: WooCommerce Pre-Orders WordPress plugin versions prior to 2.0.3 Description: The issue is related to a flawed CSRF check when processing tab actions. This could allow attackers to make logged-in admins perform unintended actions, such as...

6.5CVSS7.2AI score0.00261EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.7 views

WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.5CVSS7.4AI score0.00261EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.19 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...

6.7AI score0.00261EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.14 views

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack PoC Make a logged in admin open the URL below 42 being a pre-order to be canceled...

6.7AI score0.00261EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.167 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks Make a logged in admin open an HTML page...

6.8AI score0.00261EPSS
Exploits2
wpexploit
wpexploit
added 2023/07/10 12:0 a.m.149 views

WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The plugin has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack Make a logged in admin open the URL below 42 being a pre-order to be canceled...

6.9AI score0.00261EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.14 views

WooCommerce Pre-Orders < 2.0.2 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC When there is at least one pre-order, make a logged in admin open the URL below...

6AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2023/06/26 12:0 a.m.138 views

WooCommerce Pre-Orders < 2.0.2 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin When there is at least one pre-order, make a logged in admin open the URL below...

6.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.17 views

WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...

5.5AI score0.00374EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2023/06/21 12:0 a.m.147 views

WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks woocommercepreordercountdown productid="64"...

5.6AI score0.00374EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.9 views

WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Pre-Orders Type Plugin Vulnerable versions = 1.9.0 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32802 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 410dcc0b8c9c Credits Rafie...

7.1CVSS5.6AI score0.00396EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/05/15 12:0 a.m.27 views

WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce Pre-Orders Type Plugin Vulnerable versions = 2.0.0 Fixed in 2.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32793 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 835a4691203f Credits Rafie Muhammad...

6.5CVSS5.7AI score0.00374EPSS
Exploits1References1Affected Software1
HackRead
HackRead
added 2019/03/13 10:18 p.m.59 views

New Samsung Galaxy S10 review and features

By Uzair Amir The all new Samsung Galaxy S10 family has been released by Samsung on 8th March, 2019 and despite the high price & a lazy start, the Galaxy S10 has made a record in pre-orders for Samsung in the US. When the pre-orders for Samsung Galaxy S10 family began, there were rumors and...

2.2AI score
Exploits0
The Hacker News
The Hacker News
added 2012/10/27 2:36 p.m.8 views

Julian Assange's Book 'Cypherpunks' - Freedom and the Future of the Internet

Julian Assange publish a book based on his interview "Cypherpunks" on "The World Tomorrow", his controversial talk show, with the people he believes know the solution to the problems of privacy and freedom. The book called 'Cypherpunks: Freedom and the Future of the Internet,' was written by...

6.9AI score
Exploits0
Rows per page
Query Builder