Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.6 views

CVE-2023-32802

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 1.9.0 versions...

7.1CVSS5.9AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.9 views

CVE-2023-3507

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

6.5CVSS6.8AI score0.00261EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:35 a.m.7 views

CVE-2023-32793

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...

6.5CVSS5.2AI score0.00374EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:16 a.m.8 views

CVE-2023-3508

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...

6.5CVSS6.7AI score0.00261EPSS
Exploits2References1
OSV
OSV
added 2023/11/06 10:15 a.m.3 views

CVE-2023-46783

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions...

5.4CVSS7.3AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2023/08/30 12:15 p.m.3 views

CVE-2023-32793

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...

5.4CVSS7.3AI score0.00374EPSS
Exploits1References1
Prion
Prion
added 2023/08/30 12:15 p.m.22 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in WooCommerce WooCommerce Pre-Orders plugin = 2.0.0 versions...

4.9CVSS5.2AI score0.00374EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.5 views

PT-2023-24027 · WordPress · Woocommerce Pre-Orders

Name of the Vulnerable Software and Affected Versions: WooCommerce Pre-Orders plugin versions = 2.0.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It affects users with contributor or higher permissions. There is no information provided about the estimated...

6.5CVSS5.8AI score0.00374EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.4 views

WordPress plugin WooCommerce Pre-Orders 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.8AI score0.00396EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.4 views

WordPress plugin WooCommerce Pre-Orders 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.5AI score0.00374EPSS
Exploits1References2
OSV
OSV
added 2023/07/31 10:15 a.m.3 views

CVE-2023-3507

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

6.5CVSS7.4AI score0.00261EPSS
Exploits2References1
OSV
OSV
added 2023/07/31 10:15 a.m.3 views

CVE-2023-3508

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...

6.5CVSS7.3AI score0.00261EPSS
Exploits2References1
Prion
Prion
added 2023/07/31 10:15 a.m.19 views

Cross site request forgery (csrf)

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

4.3CVSS6.9AI score0.00261EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/31 9:37 a.m.8 views

CVE-2023-3508 WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF atta...

6.4AI score0.00261EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/07/31 9:37 a.m.9 views

CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack...

6.4AI score0.00261EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.6 views

WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.5CVSS7.4AI score0.00261EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/07/31 12:0 a.m.6 views

WordPress plugin WooCommerce Pre-Orders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.5CVSS7.6AI score0.00261EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/07/10 12:0 a.m.19 views

WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF

The plugin has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks PoC Make a logged in admin open an HTML pa...

6.7AI score0.00261EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.14 views

WooCommerce Pre-Orders < 2.0.2 - Reflected XSS

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC When there is at least one pre-order, make a logged in admin open the URL below...

6AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/21 12:0 a.m.17 views

WooCommerce Pre-Orders < 2.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape its layout shortcode attribute before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC woocommercepreordercountdown productid="64"...

5.5AI score0.00374EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder