Lucene search
K

86 matches found

WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.22 views

YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF

The ajax method did not properly check for CSRF, allowing attackers to make users call the ajaxadditem, ajaxremoveitem or ajaxvariationexist actions, which will tamper with their session quote. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...

2.2AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/06/16 12:0 a.m.20 views

WordPress Request a Quote plugin <= 2.3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ajay Sandipan Thorbole in WordPress Request a Quote plugin versions = 2.3.0. Solution Update the WordPress Request a Quote plugin to the latest available version at least 2.3.4...

5.4CVSS2.9AI score0.00624EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/06/09 12:0 a.m.5 views

WordPress plugin Request a Quote 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS6.7AI score0.00622EPSS
Exploits2References4
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.29 views

WordPress YITH WooCommerce Request A Quote plugin <=1.4.8 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Request A Quote plugin versions =1.4.8. Solution Update the WordPress YITH WooCommerce Request A Quote plugin to the latest available version at least 1.4.9...

4.3CVSS3.6AI score0.00948EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2017/07/04 11:39 a.m.15 views

motopartalert.com XSS vulnerability

Open Bug Bounty ID: OBB-258415 Description| Value ---|--- Affected Website:| motopartalert.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/06/29 5:41 p.m.337 views

Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects

Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated...

7.5CVSS6.7AI score0.73327EPSS
Exploits6
Rows per page
Query Builder