45 matches found
Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. PoC wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id...
WordPress Welcart e-Commerce plugin <= 2.8.3 - Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability
Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability discovered by Lana Codes in WordPress Welcart e-Commerce plugin versions = 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...
Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion
The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id exploit...
Flexible Shipping < 4.11.9 - Reflected Cross-Site Scripting
The plugin does not escape shipping method URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting...
WordPress Shipping Method Display Style for WooCommerce plugin <= 3.7.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Shipping Method Display Style for WooCommerce plugin versions = 3.7.4. Solution Update the WordPress Shipping Method Display Style for WooCommerce plugin to the latest available version at least 3.7.5...