
17 matches found

RedhatCVE
added 2026/01/09 12:31 p.m. | 19 views

CVE-2023-4216

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...

CVSS 2.7 | AI score 6.6 | EPSS 0.00545
Exploits 2 | References 1
EUVD
added 2025/11/24 4:31 p.m. | 4 views

EUVD-2025-198945

Malicious code in @posthog/github-release-tracking-plugin npm...

AI score 6.6
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-11974

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00887
Exploits 2 | References 3
Patchstack
added 2025/08/27 7:2 p.m. | 4 views

WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin AfterShip Tracking versions <= 1.17.17...

CVSS 5.3 | AI score 6.7 | EPSS 0.00203
Exploits 0 | Affected Software 1
CNNVD
added 2025/08/27 12:0 a.m. | 3 views

WordPress plugin AfterShip Tracking security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 6.5 | EPSS 0.00203
Exploits 0 | References 2
Patchstack
added 2025/03/27 3:6 a.m. | 3 views

WordPress Cart tracking for WooCommerce plugin <= 1.0.16 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by kuteminh11 - VNPT Cyber Immunity in WordPress Plugin Cart tracking for WooCommerce versions <= 1.0.16...

CVSS 7.6 | AI score 8 | EPSS 0.00562
Exploits 0 | Affected Software 1
Patchstack
added 2024/12/11 3:45 p.m. | 3 views

WordPress WPCargo Track & Trace plugin <= 8.0.2 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WPCargo Track & Trace versions <= 8.0.2...

CVSS 5.4 | AI score 7 | EPSS 0.00476
Exploits 0 | Affected Software 1
NVD
added 2024/06/19 4:15 a.m. | 17 views

CVE-2024-5768

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 | EPSS 0.00239
Exploits 0 | References 2
CNNVD
added 2024/05/14 12:0 a.m. | 2 views

WordPress plugin The Orders Tracking for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.5 | AI score 7.5 | EPSS 0.00623
Exploits 0 | References 5
Patchstack
added 2024/02/23 12:0 a.m. | 10 views

WordPress Marketo Forms and Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Marketo Forms and Tracking; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2020-6849; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 49ac15351483; Credits: Zeroauth...

CVSS 8.8 | AI score 5.6 | EPSS 0.0132
Exploits 2 | References 2 | Affected Software 1
OSV
added 2023/09/04 12:15 p.m. | 12 views

CVE-2023-4216

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...

CVSS 2.7 | AI score 7.3 | EPSS 0.00545
Exploits 2 | References 1
Patchstack
added 2023/08/29 12:0 a.m. | 12 views

WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)

Software: Order Tracking; Type: Plugin; Vulnerable versions: <= 3.3.6; Fixed in: 3.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4500; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 1251cfa80c41; Credits: Marco Wotschka; Required...

CVSS 4.8 | AI score 5.8 | EPSS 0.003
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2022/03/16 12:0 a.m. | 27 views

WordPress Simple Tracking plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of WordPress Simple Tracking plugin prior to 1.7, which stems from the plugin's...

CVSS 4.8 | AI score 2.2 | EPSS 0.00612
Exploits 2 | References 1
OSV
added 2022/03/14 3:15 p.m. | 3 views

CVE-2022-0700

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.8 | EPSS 0.00612
Exploits 2 | References 1
NVD
added 2022/03/14 3:15 p.m. | 27 views

CVE-2022-0700

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | EPSS 0.00612
Exploits 2 | References 1
CNNVD
added 2022/03/14 12:0 a.m. | 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of WordPress Simple Tracking plugin prior to 1.7, which stems from the plugin's...

CVSS 4.8 | AI score 5.2 | EPSS 0.00612
Exploits 2 | References 2
OSV
added 2020/01/21 7:15 p.m. | 12 views

CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

CVSS 8.8 | AI score 7
Exploits 0 | References 3