17 matches found
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
EUVD-2025-198945
Malicious code in @posthog/github-release-tracking-plugin npm...
EUVD-2021-11974
Malware in sbrugna...
WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin AfterShip Tracking versions <= 1.17.17...
WordPress plugin AfterShip Tracking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Cart tracking for WooCommerce plugin <= 1.0.16 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by kuteminh11 - VNPT Cyber Immunity in WordPress Plugin Cart tracking for WooCommerce versions <= 1.0.16...
WordPress WPCargo Track & Trace plugin <= 8.0.2 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WPCargo Track & Trace versions <= 8.0.2...
CVE-2024-5768
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin The Orders Tracking for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Marketo Forms and Tracking Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Marketo Forms and Tracking; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2020-6849; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 49ac15351483; Credits: Zeroauth...
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Order Tracking; Type: Plugin; Vulnerable versions: <= 3.3.6; Fixed in: 3.3.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4500; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1251cfa80c41; Credits: Marco Wotschka; Required...
WordPress Simple Tracking plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of WordPress Simple Tracking plugin prior to 1.7, which stems from the plugin's...
CVE-2022-0700
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0700
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of WordPress Simple Tracking plugin prior to 1.7, which stems from the plugin's...
CVE-2020-6849
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...