6 matches found
CVE-2024-1697
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the savewcfeoptions function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-33956
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0...
CVE-2024-33956
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0...
Custom WooCommerce Checkout Fields Editor < 1.3.1 - Cross-Site Request Forgery
Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized...
WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom WooCommerce Checkout Fields Editor Type Plugin Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30518 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1753adeaf82a...
CVE-2024-1697
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the savewcfeoptions function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...