Lucene search
K

7 matches found

Cvelist
Cvelist
added 2025/11/27 9:27 a.m.8 views

CVE-2025-12584 Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure

The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqvpopupcontent' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers t...

5.3CVSS0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/27 9:27 a.m.1 views

CVE-2025-12584 Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure

The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqvpopupcontent' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers t...

5.3CVSS5.6AI score0.00223EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/27 12:35 a.m.4 views

WordPress Quick View for WooCommerce plugin <= 2.2.17 - Unauthenticated Private Product Disclosure vulnerability

Unauthenticated Private Product Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Quick View for WooCommerce versions = 2.2.17...

5.3CVSS7AI score0.00223EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.3 views

PT-2025-48252

The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv popup content' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers...

5.3CVSS6AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2025/10/18 6:42 a.m.23 views

CVE-2025-11741

CVE-2025-11741 affects the WPC Smart Quick View for WooCommerce plugin for WordPress. The vulnerability is an Information Exposure via the woosq_quickview AJAX endpoint caused by insufficient access restrictions, enabling unauthenticated attackers to read data from password-protected, private, or...

5.3CVSS5.8AI score0.00306EPSS
Exploits0References2
NVD
NVD
added 2013/02/24 11:48 a.m.21 views

CVE-2013-0786

The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...

5CVSS6.5AI score0.01657EPSS
Exploits0References3
Prion
Prion
added 2013/02/24 11:48 a.m.23 views

Design/Logic Flaw

The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...

5CVSS7AI score0.01657EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder