86 matches found
YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF
The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...
WordPress Request a Quote plugin <= 2.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin versions = 2.3.0. Solution Update the WordPress Request a Quote plugin to the latest available version at least 2.3.4...
WordPress plugin Request a Quote 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress YITH WooCommerce Request A Quote plugin <=1.4.8 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Request A Quote plugin versions =1.4.8. Solution Update the WordPress YITH WooCommerce Request A Quote plugin to the latest available version at least 1.4.9...
motopartalert.com XSS vulnerability
Open Bug Bounty ID: OBB-258415 Description| Value ---|--- Affected Website:| motopartalert.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated...