7 matches found
EUVD-2024-17422
Malicious code in bioql PyPI...
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getordersarchive function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the store...
CVE-2024-12561 Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect
The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect URL supplied via the 'afflink' parameter. This makes it possible for unauthenticated...
WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Simple Sticky Add To Cart For WooCommerce versions <= 1.4.9...
CVE-2024-1687
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software: Thank You Page Customizer for WooCommerce – Increase Your Sales; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1686; Patch priority: Low; CVSS severity: Low 5.3; PSID...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...