Lucene search
K

45 matches found

WPVulnDB
WPVulnDB
added 2022/11/21 12:0 a.m.15 views

Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. PoC wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id...

6.5CVSS1AI score0.00329EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/11/21 12:0 a.m.26 views

WordPress Welcart e-Commerce plugin <= 2.8.3 - Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability

Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability discovered by Lana Codes in WordPress Welcart e-Commerce plugin versions = 2.8.3. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.8.4...

2.8AI score0.00329EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/11/21 12:0 a.m.157 views

Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion

The plugin does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. wpajaxshopoptionsajax hook calls shopoptionsajax function without nonce and without access control update shipping method name 0 shipping method id exploit...

6.5CVSS1.2AI score0.00329EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/06/14 12:0 a.m.6 views

Flexible Shipping < 4.11.9 - Reflected Cross-Site Scripting

The plugin does not escape shipping method URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting...

1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Shipping Method Display Style for WooCommerce plugin <= 3.7.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Shipping Method Display Style for WooCommerce plugin versions = 3.7.4. Solution Update the WordPress Shipping Method Display Style for WooCommerce plugin to the latest available version at least 3.7.5...

1.7AI score
Exploits0References2Affected Software1
Rows per page
Query Builder