22 matches found
CVE-2023-32802
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 1.9.0 versions...
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...
CVE-2023-32793
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...
CVE-2023-46783
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...
CVE-2023-32793
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...
PT-2023-24027 · WordPress · Woocommerce Pre-Orders
Name of the Vulnerable Software and Affected Versions: WooCommerce Pre-Orders plugin versions = 2.0.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or higher permissions. There is no information provided about the estimated...
WordPress plugin WooCommerce Pre-Orders 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin WooCommerce Pre-Orders 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...
Cross site request forgery (csrf)
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...
CVE-2023-3508 WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...
CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...
WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...
WooCommerce Pre-Orders < 2.0.2 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC When there is at least one pre-order, make a logged in admin open the URL below...
WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS
The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...