Lucene search
K

18403 matches found

Nuclei
Nuclei
added 11 hours ago63 views

WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting

WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the...

6.1CVSS6.4AI score0.01477EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago52 views

WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting

The Wordpress plugin WooCommerce PDF Invoices & Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard. id: CVE-2021-24991 info: name: WooCommerce PDF Invoices & Packing Slips...

4.8CVSS6.1AI score0.01188EPSS
Exploits3References4
Nuclei
Nuclei
added 11 hours ago40 views

WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting

WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter. id: CVE-2018-5316 info: name: WordPress SagePay Server Gateway for WooCommerce 1.0.9 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.3AI score0.03685EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago25 views

WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting

A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter. id: CVE-2014-4558 info: name: WooCommerce Swipe = 2.7.1 - Cross-Site...

6.1CVSS6.5AI score0.04055EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago39 views

Woo Bulk Price Update <2.2.2 - Cross-Site Scripting

The Woo Bulk Price Update WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the technogetproducts action, which can only be triggered by an authenticated user. id: CVE-2023-28665 info: name: Woo Bulk Price Update 2.2.2 -...

5.4CVSS6.1AI score0.00887EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago148 views

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

9.8CVSS7.1AI score0.0848EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago72 views

WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...

9.8CVSS7.1AI score0.04427EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago69 views

Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

9.8CVSS7.1AI score0.09495EPSS
Exploits2References4
Nuclei
Nuclei
added 11 hours ago33 views

WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting

The plugin was affected by a reflected cross-site scripting vulnerability in the wooce admin page. id: CVE-2022-0149 info: name: WooCommerce Stored Exporter WordPress Plugin 2.7.1 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected...

6.1CVSS6.4AI score0.02337EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago119 views

WordPress WooCommerce <3.1.2 - Arbitrary Function Call

WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary...

9.8CVSS7.1AI score0.26586EPSS
Exploits2References2
Nuclei
Nuclei
added 11 hours ago274 views

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...

7.5CVSS7AI score0.17227EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago51 views

WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read

WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33901 info:...

7.5CVSS7.1AI score0.02193EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago27 views

Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

9.8CVSS6.8AI score0.54754EPSS
Exploits6References3
Nuclei
Nuclei
added 11 hours ago14 views

NotificationX Dropshipping < 4.4 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection id: CVE-2022-3481 info: name: NotificationX Dropshipping 4.4 - SQL Injection author: ritikchaddha severity: critical...

9.8CVSS7.1AI score0.03686EPSS
Exploits2References2
Nuclei
Nuclei
added 11 hours ago108 views

WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting

WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

6.1CVSS6.7AI score0.01213EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago57 views

WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting

WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

6.1CVSS6.8AI score0.0085EPSS
Exploits2References3
Nuclei
Nuclei
added 11 hours ago69 views

WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting

WordPress Active Products Tables for WooCommerce plugin prior to 1.0.5 contains a cross-site scripting vulnerability.. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, An attacker can inject arbitrary script in the browser of an...

6.1CVSS6.5AI score0.01872EPSS
Exploits1References4
Nuclei
Nuclei
added 11 hours ago5 views

XStore Theme < 9.7.3 - SQL Injection

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2026-3326 info: name: XStore Theme 9.7.3 - SQL Injection author: VixianSchool...

8.6CVSS6.1AI score0.00969EPSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago71 views

WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read

WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...

8.6CVSS6.2AI score0.01844EPSS
Exploits0References2
Nuclei
Nuclei
added 11 hours ago24 views

Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to supply arbitrary shortcodes in the contentrechdata parameter that is then executed. This makes it possible for...

9.8CVSS7.3AI score0.01852EPSS
Exploits0References4
Rows per page
Query Builder