35 matches found
PT-2025-24073 · Themehigh · Themehigh Dynamic Pricing/Discount Rules
Name of the Vulnerable Software and Affected Versions: ThemeHigh Dynamic Pricing and Discount Rules versions 2.2.9 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed. This can lead to security breaches where an...
CVE-2023-51545
Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...
CVE-2024-32781
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0...
CVE-2024-35658
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658
CVE-2024-35658: Path Traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows unauthenticated file deletion. Affected: Checkout Field Editor for WooCommerce (Pro) up to version 3.6.2. Root cause: improper limitation of a pathname to restricted directories. Remediati...
CVE-2024-32781
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0...
CVE-2023-51545
Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...
CVE-2023-51545
Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...
CVE-2023-51545 WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
Cross-Site Request Forgery CSRF, Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...
CVE-2023-51545
CVE-2023-51545 affects the WordPress plugin "Job Manager & Career – Manage job board listings, and recruitments" (ThemeHigh). Description in connected docs indicates a Cross-Site Request Forgery leading to PHP object injection, impacting versions up to 1.4.4 (no specific vulnerable version range ...
ThemeHigh WooCommerce Wishlist and Comparison < 1.0.5 - Unauthorised AJAX call
Some AJAX actions did not have proper CSRF and authorisation checks, allowing unauthorised call either via unauthenticated/low privilege users or CSRF, which could allow attackers to reset or change the settings of the plugin for example PoC Reset arbitrary option in the plugin v 1.0.5 POST...