Lucene search
+L

731 matches found

Patchstack
Patchstack
added 2025/03/03 11:32 p.m.7 views

WordPress VW Storefront theme <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Peter Thaleikis in WordPress Theme VW Storefront versions = 0.9.9...

4.3CVSS7AI score0.00269EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/03/03 7:15 p.m.13 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

9CVSS5.8AI score0.00573EPSS
Exploits3References2
NVD
NVD
added 2025/03/03 7:15 p.m.12 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

9CVSS0.00573EPSS
Exploits3References2
NVD
NVD
added 2025/03/03 2:15 p.m.7 views

CVE-2025-23524

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through = 1.7...

7.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 1:30 p.m.53 views

CVE-2025-23524

CVE-2025-23524 affects the WordPress ClickBank Storefront plugin (versions ≤ 1.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Multiple connected sources (Red Hat, NVD, CVE lists, and PatchStack) corroborate the s...

7.1CVSS5.9AI score0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 1:30 p.m.5 views

CVE-2025-23524 WordPress ClickBank Storefront WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound ClickBank Storefront allows Reflected XSS. This issue affects ClickBank Storefront: from n/a through 1.7...

7.1CVSS7.2AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.18 views

CVE-2025-23524 WordPress ClickBank Storefront WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dactum ClickBank Storefront mycbgenie-clickbank-storefront allows Reflected XSS.This issue affects ClickBank Storefront: from n/a through = 1.7...

7.1CVSS0.00342EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.6 views

WordPress plugin ClickBank Storefront 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.9AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/03 12:0 a.m.17 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

0.00573EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2025/03/03 12:0 a.m.6 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

6.8AI score0.00573EPSS
Exploits3References2
CVE
CVE
added 2025/03/03 12:0 a.m.98 views

CVE-2025-26206

CVE-2025-26206 concerns a Cross-Site Request Forgery (CSRF) vulnerability in Sell Done Storefront v1.0. The issue stems from the absence of anti-CSRF protections in the web application, allowing a remote attacker to induce privileged actions via the index.html component. Affected code is identifi...

9CVSS6.9AI score0.00573EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.6 views

storefront 跨站请求伪造漏洞

storefront is a SaaS solution open-sourced by Selldone. A security vulnerability exists in storefront v.1.0, which stems from a cross-site request forgery in the index.html component that could lead to elevation of privilege...

9CVSS6.5AI score0.00573EPSS
Exploits3References3
Citrix
Citrix
added 2025/03/02 12:0 a.m.11 views

Citrix Infrastructure Monitoring- issue with adding new PVS/SF servers for monitoring from Cloud UI

When Admin tries to add/register new PVS or Storefront Servers for monitoring, the eror message appears:Incorrect token. Ensure you copy and paste the token correctly. The token is valid. Network trace shows 500 response code when the request is send to...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2025/02/24 5:53 a.m.170 views

Exploit for Cross-Site Request Forgery (CSRF) in Selldone Storefront

🚨 CVE-2025-26206: Cross-Site Request Forgery CSRF in Sell Do...

9CVSS7.8AI score0.00573EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/02/24 5:53 a.m.118 views

Exploit for Cross-Site Request Forgery (CSRF) in Selldone Storefront

🚨 CVE-2025-26206: Cross-Site Request Forgery CSRF in Sell Do...

9CVSS7.8AI score0.00573EPSS
Exploits3
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.6 views

WordPress ClickBank Storefront WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin ClickBank Storefront versions = 1.7...

7.1CVSS6.1AI score0.00342EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/01/04 2:15 a.m.4 views

CVE-2025-22386

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...

7.3CVSS5.8AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 2:15 a.m.15 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

5.9CVSS0.00308EPSS
Exploits0References1
OSV
OSV
added 2025/01/04 2:15 a.m.6 views

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...

5.9CVSS5.8AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2025/01/04 2:15 a.m.14 views

CVE-2025-22384

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching...

7.5CVSS5.8AI score0.00407EPSS
Exploits0References1
Rows per page
Query Builder