Lucene search
K

273 matches found

EUVD
EUVD
added 2025/10/22 6:40 a.m.4 views

EUVD-2025-35351

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...

4.3CVSS5.6AI score0.00178EPSS
Exploits0References3
CVE
CVE
added 2025/10/22 6:40 a.m.18 views

CVE-2025-10570

CVE-2025-10570 affects the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

4.3CVSS5.7AI score0.00178EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/22 6:40 a.m.4 views

CVE-2025-10570 Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the saverefundrequest function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit...

4.3CVSS5.7AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.4 views

WordPress plugin Flexible Refund and Return Order for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.6AI score0.00178EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/10/20 7:3 a.m.8 views

A week in security (October 13 &#8211; October 19)

Last week on Malwarebytes Labs: Prosper data breach puts 17 million people at risk of identity theft Under the engineering hood: Why Malwarebytes chose WordPress as its CMS Video call app Huddle01 exposed 600K+ user logs Mango discloses data breach at third-party provider Roku accused of selling...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34017

Malicious code in bioql PyPI...

8.5CVSS9.2AI score0.00738EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2025/09/08 7:2 a.m.11 views

A week in security (September 1 &#8211; September 7)

Last week on Malwarebytes Labs: Nexar dashcam video database hacked Roblox introduces age checks to use communication features Give your PC a fresh start: New free tools to boost your PC’s speed, security, and peace of mind TP-Link warns of botnet infecting routers and targeting Microsoft 365...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/09/02 1:9 p.m.5 views

Tax refund scam targets Californians

The State of California Franchise Tax Board FTB recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states: “Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in paysafecard-refund (npm)

The package paysafecard-refund was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-28955 Malicious code in paysafecard-refund (npm)

The package paysafecard-refund was found to contain malicious code...

7.2AI score
Exploits0
NVD
NVD
added 2025/07/18 6:15 a.m.5 views

CVE-2025-6222

The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'cedrnxorderexchangeattachfiles' function in all versions up to, and including, 3.2.6. This...

9.8CVSS0.0058EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/18 5:23 a.m.10 views

CVE-2025-6222 WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload

The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'cedrnxorderexchangeattachfiles' function in all versions up to, and including, 3.2.6. This...

9.8CVSS0.0058EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.6 views

WordPress plugin WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WooCommerce Refund And...

9.8CVSS7.7AI score0.0058EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.8 views

CVE-2024-7386

The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund function. This makes it possible for unauthenticated attackers to perform...

4.3CVSS6.5AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:47 a.m.5 views

CVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...

9.8CVSS8.7AI score0.0094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/16 6:21 a.m.13 views

CVE-2024-13641

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...

7.5CVSS9.3AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2025/02/14 6:15 a.m.8 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4CVSS5.8AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2025/02/14 6:15 a.m.28 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4CVSS0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/14 5:22 a.m.28 views

CVE-2024-13692 Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2025/02/14 5:22 a.m.59 views

CVE-2024-13692

The CVE-2024-13692 entry for Return Refund and Exchange For WooCommerce (woo-refund-and-exchange-lite) is confirmed as a real vulnerability. It is an Insecure Direct Object Reference (IDOR) in all versions up to 4.4.5 caused by missing validation on a user-controlled key. This flaw allows unauthe...

5.4CVSS5.4AI score0.00288EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder