18 matches found
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2024-32724
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...
CVE-2024-32724
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...
CVE-2024-32724 WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1...
CVE-2024-32724
CVE-2024-32724 describes a Missing Authorization vulnerability in the SharkDropship dropshipping WordPress/WooCommerce plugin (SharkDropshipped for AliExpress, eBay, Amazon, Etsy) up to version 2.1.1. The connected data indicates this flaw permits arbitrary content deletion and is associated with...
PT-2024-24812 · Unknown · Sharkdropship
Name of the Vulnerable Software and Affected Versions: Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy versions through 2.1.1 Description: The issue is related to a Missing Authorization vulnerability in the Woo product importer. This vulnerability affects the Sharkdropship...
WordPress WooCommerce-Product Importer plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WooCommerce-Product Importer plugin, which...
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1546
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1546
CVE-2022-1546 affects the WordPress plugin WooCommerce - Product Importer (≤ 1.5.2). The vulnerability arises because imported data is not sanitized/escaped before it is output on the page, enabling a Reflected Cross-Site Scripting attack. The issue is triggered via the admin CSV import workflow ...
CVE-2022-1546 WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
WordPress plugin WooCommerce - Product Importer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WooCommerce-Product Importer plugin, which...
WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting POST /wp-admin/admin.php?page=woopi&tab=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...
WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC POST /wp-admin/admin.php?page=woopi=import HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8...
GHSA-RCMF-88P4-9WRG WooCommerce Cross-Site Request Forgery (CSRF)
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...
WooCommerce Cross-Site Request Forgery (CSRF)
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...