11 matches found
EUVD-2023-42897
Malicious code in bioql PyPI...
CVE-2023-39162
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions...
CVE-2024-4186
The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the 'ebuseremailverificationkey' default value is empty and the not-empty check is missing in the 'ebuseremailverify' function. This makes it possible for...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <= 3.5.0 versions...
CVE-2023-39162
CVE-2023-39162: Unauthenticated reflected XSS in XLPlugins User Email Verification for WooCommerce, versions
PT-2023-26817 · Xlplugins · Xlplugins User Email Verification For Woocommerce
Name of the Vulnerable Software and Affected Versions: XLPlugins User Email Verification for WooCommerce plugin versions <= 3.5.0. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...
WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: User Email Verification for WooCommerce. Type: Plugin. Vulnerable versions: <= 3.5.0. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-39162. Patch priority: Medium. CVSS severity: Medium 7.1. PSID: 1c9649928e7b...
WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Broken Authentication
Software: User Email Verification for WooCommerce. Type: Plugin. Vulnerable versions: <= 3.5.0. Fixed in: N/A. OWASP Top 10: A2: Broken Authentication. Classification: Broken Authentication. CVE: CVE-2023-2781. Patch priority: Low. CVSS severity: Low 9.8. PSID: 9f959445cfce. Credits: Lana Cod...
Authentication flaw
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...
User Email Verification for WooCommerce <= 3.5.0 - Authentication bypass via weak token generation
The plugin uses a weak random token when resending email address verifications, allowing an unauthenticated attacker to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts. Furthermore, if the Allow Automatic Login After Successful...