CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

RedhatCVE•added 2025/12/07 6:5 a.m.•4 views

CVE-2025-13137

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotivlimit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.6AI score0.00106EPSS

Exploits0References1

EUVD•added 2025/12/06 6:30 a.m.•1 views

EUVD-2025-201536

6.1CVSS5.2AI score0.00106EPSS

Exploits0References3

NVD•added 2025/12/06 6:15 a.m.•2 views

CVE-2025-13137

6.1CVSS0.00106EPSS

Exploits0References2

Cvelist•added 2025/12/06 5:49 a.m.•12 views

CVE-2025-13137 Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting

6.1CVSS0.00106EPSS

Exploits0References2

CVE•added 2025/12/06 5:49 a.m.•11 views

CVE-2025-13137

CVE-2025-13137 – Live Sales Notification for Woocommerce – Woomotiv : Reflected XSS via the woocomotiv_limit parameter affecting the WordPress plugin up to version 3.6.3. The vulnerability arises from insufficient input sanitization and output escaping, permitting unauthenticated attackers to inj...

6.1CVSS5.3AI score0.00106EPSS

Exploits0References2

Vulnrichment•added 2025/12/06 5:49 a.m.•3 views

CVE-2025-13137 Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting

6.1CVSS5.3AI score0.00106EPSS

Exploits0References2

Positive Technologies•added 2025/12/06 12:0 a.m.•3 views

PT-2025-49338

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotiv limit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.6AI score0.00106EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-50839

Malicious code in bioql PyPI...

7.5CVSS8.7AI score0.00708EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:59 a.m.•3 views

CVE-2024-1325

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated...

4.3CVSS6.4AI score0.00075EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 10:27 a.m.•3 views

CVE-2024-12416

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS7.5AI score0.00708EPSS

Exploits0References1

NVD•added 2025/01/07 4:15 a.m.•5 views

CVE-2024-12416

7.5CVSS0.00708EPSS

Exploits0References2

Vulnrichment•added 2025/01/07 3:21 a.m.•7 views

CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection

7.5CVSS7.8AI score0.00708EPSS

Exploits0References4

CVE•added 2025/01/07 3:21 a.m.•42 views

CVE-2024-12416

CVE-2024-12416 affects the WordPress plugin “Live Sales Notification for Woocommerce – Woomotiv.” The vulnerability is an SQL Injection via the cookie parameter woomotiv_seen_products_.*, affecting all versions up to 3.6.1. Root cause: insufficient escaping of user-supplied data and lack of prope...

7.5CVSS7.7AI score0.00708EPSS

Exploits0References2

Cvelist•added 2025/01/07 3:21 a.m.•10 views

CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection

7.5CVSS0.00708EPSS

Exploits0References2

CNNVD•added 2025/01/07 12:0 a.m.•1 views

WordPress plugin Woomotiv SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

7.5CVSS8.8AI score0.00708EPSS

Exploits0References4

Patchstack•added 2025/01/06 5:2 p.m.•3 views

WordPress Woomotiv plugin <= 3.6.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin Live Sales Notification for Woocommerce - Woomotiv versions = 3.6.1...

7.5CVSS8.1AI score0.00708EPSS

Exploits0References1Affected Software1

OSV•added 2024/03/20 7:15 a.m.•1 views

CVE-2024-1325

4.3CVSS5.7AI score

Exploits0References3

Vulnrichment•added 2024/03/20 6:48 a.m.•11 views

CVE-2024-1325

4.3CVSS6.4AI score0.00075EPSS

Exploits1References3

CVE•added 2024/03/20 6:48 a.m.•49 views

CVE-2024-1325

CVE-2024-1325 affects the Live Sales Notification for Woocommerce – Woomotiv WordPress plugin (versions ≤ 3.4.3). The vulnerability is Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_cancel_review function, enabling unauthenticated attackers to reset the site’s...

4.3CVSS8.9AI score0.00075EPSS

Exploits1References4Affected Software1

CNNVD•added 2024/03/20 12:0 a.m.•1 views

WordPress Plugin Woomotiv Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.6AI score0.00075EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by