24 matches found
EUVD-2026-39950
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...
GHSA-H4MP-G9C6-XWPH Shopper: Missing authorization on Product admin Livewire sub-form components
Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...
EUVD-2023-41799
Malicious code in bioql PyPI...
CVE-2023-37972
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1...
CVE-2023-37971
Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1...
CVE-2023-37971 WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1...
PT-2024-12671 · WordPress · Woocommerce Product Stock Alert
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Stock Alert versions 2.0.1 and earlier Description: The issue affects the WooCommerce Product Stock Alert plugin, allowing exploitation of incorrectly configured access control security levels due to a missing authorizatio...
CVE-2023-37972
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1...
CVE-2023-37972 WordPress WooCommerce Product Stock Alert Plugin <= 2.0.1 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1...
CVE-2023-37972
CVE-2023-37972 – Information Disclosure in WordPress plugin “WooCommerce Product Stock Alert / Product Stock Manager & Notifier for WooCommerce” Affected software: Product Stock Manager & Notifier for WooCommerce (WordPress plugin) — commonly listed as WooCommerce Product Stock Alert. Root cause ...
WordPress Plugin Product Stock Manager & Notifier for WooCommerce Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Product Stock Manager &...
PT-2023-26219 · Woocommerce · Product Stock Manager & Notifier For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Stock Manager & Notifier for WooCommerce versions through 2.0.1 Description: The issue is related to Exposure of Sensitive Information to an Unauthorized Actor, affecting the Product Stock Manager & Notifier for WooCommerce...
WordPress WooCommerce Product Stock Alert Plugin <= 2.0.1 is vulnerable to Settings Change
Software WooCommerce Product Stock Alert Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE CVE-2023-37971 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e561b9b30485 Credits Mika Required...
WordPress WooCommerce Product Stock Alert Plugin <= 2.0.1 is vulnerable to Sensitive Data Exposure
Software WooCommerce Product Stock Alert Type Plugin Vulnerable versions = 2.0.1 Fixed in 2.0.2 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-37972 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 90d3154cbc8c Credits Mika Requir...
CVE-2022-3451
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...
CVE-2022-3451
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...
WordPress plugin Product Stock Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...
CVE-2022-3451
The CVE-2022-3451 entry concerns the Product Stock Manager WordPress plugin up to version 1.0.4 (pre‑1.0.5). Reports in multiple connected sources confirm a lack of proper authorization and CSRF checks in several AJAX actions, enabling users with a role as low as subscriber to call these actions ...