7 matches found
CVE-2025-12584 Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure
The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqvpopupcontent' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers t...
CVE-2025-12584 Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure
The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqvpopupcontent' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers t...
WordPress Quick View for WooCommerce plugin <= 2.2.17 - Unauthenticated Private Product Disclosure vulnerability
Unauthenticated Private Product Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Quick View for WooCommerce versions = 2.2.17...
PT-2025-48252
The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv popup content' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers...
CVE-2025-11741
CVE-2025-11741 affects the WPC Smart Quick View for WooCommerce plugin for WordPress. The vulnerability is an Information Exposure via the woosq_quickview AJAX endpoint caused by insufficient access restrictions, enabling unauthenticated attackers to read data from password-protected, private, or...
CVE-2013-0786
The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...
Design/Logic Flaw
The Bugzilla::Search::buildsubselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...