EUVD-2024-29320

Malicious code in bioql PyPI...

CVE-2024-31431

Cross-Site Request Forgery CSRF vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

WordPress Product Input Fields for WooCommerce plugin <= 1.12.0 - Unauthenticated Limited File Upload vulnerability

Unauthenticated Limited File Upload vulnerability discovered by luckybuddy in WordPress Plugin Product Input Fields for WooCommerce versions = 1.12.0...

WordPress plugin Product Input Fields for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

WordPress plugin Product Input Fields for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

WordPress Product Input Fields for WooCommerce plugin <= 1.9 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by 1337Wannabe in WordPress Plugin Product Input Fields for WooCommerce versions = 1.9...

WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal

Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...

CVE-2024-31431

Cross-Site Request Forgery CSRF vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...

CVE-2024-31431 WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...

CVE-2024-31431

CVE-2024-31431: CSRF in Tyche Softwares Product Input Fields for WooCommerce affects Product Input Fields for WooCommerce versions up to 1.7.0 (no details on root cause beyond CSRF and no patch/version provided in the available documents). Affects the plugin for WooCommerce; reported by Red Hat/W...

WordPress Plugin Product Input Fields for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Product Input Fields for WooCommerce versions = 1.7.0...

Authorization

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handledownloads function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable...

CVE-2020-36696

The CVE concerns the Product Input Fields for WooCommerce plugin for WordPress, where an authorization bypass allows unauthenticated users to download files. The root cause identified across multiple sources is a missing capability check on the handle_downloads() function in versions up to and in...

WordPress Plugin Product Input Fields for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Product Input Fields for WooCommerce plugin <= 1.2.6 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by NinTechNet in WordPress Product Input Fields for WooCommerce plugin versions = 1.2.6. Solution Update the WordPress Product Input Fields for WooCommerce plugin to the latest available version at least 1.2.7...