Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.6 views

CVE-2022-1546

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00739EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:59 a.m.10 views

CVE-2024-32724

Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...

7.5CVSS5.1AI score0.00759EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 3:37 p.m.20 views

CVE-2024-32724

Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...

7.5CVSS7.6AI score0.00759EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/09 12:20 p.m.15 views

CVE-2024-32724 WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...

7.5CVSS7AI score0.00759EPSS
Exploits0References1
CVE
CVE
added 2024/05/09 12:20 p.m.50 views

CVE-2024-32724

CVE-2024-32724 describes a Missing Authorization vulnerability in the SharkDropship dropshipping WordPress/WooCommerce plugin (SharkDropshipped for AliExpress, eBay, Amazon, Etsy) up to version 2.1.1. The connected data indicates this flaw permits arbitrary content deletion and is associated with...

7.5CVSS5.1AI score0.00759EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.5 views

PT-2024-24812 · Unknown · Sharkdropship

Name of the Vulnerable Software and Affected Versions: Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy versions through 2.1.1 Description: The issue is related to a Missing Authorization vulnerability in the Woo product importer. This vulnerability affects the Sharkdropship...

7.5CVSS6.5AI score0.00759EPSS
Exploits0References4
CNVD
CNVD
added 2022/07/13 12:0 a.m.14 views

WordPress WooCommerce-Product Importer plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WooCommerce-Product Importer plugin, which...

6.1CVSS1.2AI score0.00739EPSS
Exploits2References1
OSV
OSV
added 2022/07/11 1:15 p.m.1 views

CVE-2022-1546

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2022/07/11 1:15 p.m.16 views

CVE-2022-1546

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00739EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 p.m.7 views

CVE-2022-1546

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00739EPSS
Exploits2References2
Prion
Prion
added 2022/07/11 1:15 p.m.14 views

Cross site scripting

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.00739EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/07/11 12:55 p.m.39 views

CVE-2022-1546

CVE-2022-1546 affects the WordPress plugin WooCommerce - Product Importer (≤ 1.5.2). The vulnerability arises because imported data is not sanitized/escaped before it is output on the page, enabling a Reflected Cross-Site Scripting attack. The issue is triggered via the admin CSV import workflow ...

6.1CVSS6AI score0.00739EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/07/11 12:55 p.m.23 views

CVE-2022-1546 WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00739EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.5 views

WordPress plugin WooCommerce - Product Importer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WooCommerce-Product Importer plugin, which...

6.1CVSS5.2AI score0.00739EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/06/16 12:0 a.m.121 views

WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=woopi&tab=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

6.1CVSS0.2AI score0.00739EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/06/16 12:0 a.m.20 views

WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC POST /wp-admin/admin.php?page=woopi=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...

6.1CVSS0.8AI score0.00739EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/05/24 5:21 p.m.32 views

GHSA-RCMF-88P4-9WRG WooCommerce Cross-Site Request Forgery (CSRF)

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...

8.8CVSS8.3AI score0.00534EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.20 views

WooCommerce Cross-Site Request Forgery (CSRF)

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...

8.8CVSS6.2AI score0.00534EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder