CVE-2023-45271

Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through = 2.7.8...

EUVD-2023-51875

Malicious code in bioql PyPI...

EUVD-2024-21007

Malicious code in bioql PyPI...

EUVD-2023-49577

Malicious code in bioql PyPI...

CVE-2024-8393 Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

CVE-2023-47777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1...

CVE-2024-23512

Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4...

CVE-2023-45271

Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through = 2.7.8...

CVE-2024-4042 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input...

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficien...

CVE-2024-0881 Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

WordPress WooCommerce Blocks Plugin < 11.1.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:woocommerceblocks"; ifdescription...

CVE-2023-47777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1...

CVE-2023-47777 WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1...

WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 2.7.8 is vulnerable to Broken Access Control

Software ProductX – Gutenberg WooCommerce Blocks Type Plugin Vulnerable versions = 2.7.8 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-45271 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca21a9a7374c Credits Abdi...

CVE-2021-32789

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...

WordPress WooCommerce Blocks Plugin SQL Injection Vulnerability (Jul 2021) - Active Check

The WooCommerce Blocks plugin for WordPress is prone to an SQL injection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

WordPress WooCommerce Blocks Plugin SQL Injection Vulnerability (Jul 2021) - Version Check

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

Critical SQL Injection Vulnerability Patched in WooCommerce

Update: The article originally credited Tommy DeVoss dawgyg for the discovery. Weve since been contacted by Tommy, who let us know that the credit should go to another researcher, Josh from DOS Development Operations Security On July 14, 2021, WooCommerce released an emergency patch for a SQL...