Lucene search
K

10 matches found

Patchstack
Patchstack
added 2024/11/18 12:0 a.m.17 views

WordPress Customer Reviews for WooCommerce Plugin <= 5.61.0 is vulnerable to Broken Access Control

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.61.0 Fixed in 5.62.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10614 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce10b4d9cbd7 Credits incognito...

4.3CVSS6.7AI score0.00272EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/16 12:0 a.m.8 views

WordPress Customer Reviews for WooCommerce Plugin <= 5.46.0 is vulnerable to Broken Access Control

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.46.0 Fixed in 5.47.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3243 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 13d177cd2664 Credits Thura Moe...

4.3CVSS6.6AI score0.00431EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/15 5:15 a.m.3 views

CVE-2024-1849

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

5.4CVSS7.3AI score0.00495EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/01/09 12:0 a.m.8 views

WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.9 Fixed in 5.38.10 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6979 Patch priority Medium CVSS severity Medium 9.8 Developer Claim ownership PSID f2b42bb42f3b Credits Artem Guzhva...

9.8CVSS6.8AI score0.01146EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/11/28 12:0 a.m.14 views

WordPress Customer Reviews Collector for WooCommerce Plugin <= 3.9 is vulnerable to Arbitrary File Upload

Software Customer Reviews Collector for WooCommerce Type Plugin Vulnerable versions = 3.9 Fixed in 4.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 9e0239dc9850 Credits Rafie Muhammad...

8CVSS7.2AI score0.00535EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.7 views

WordPress Plugin WP Customer Reviews Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.5AI score0.00524EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.19 views

WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions 5.16.0 Fixed in 5.16.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0080 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 2a336810763e Credits István Márton Required...

8.8CVSS6.9AI score0.01125EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2022/09/22 12:0 a.m.22 views

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...

8.8CVSS4.2AI score0.00306EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/05/24 11:15 a.m.5 views

CVE-2021-24296

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.4 views

WordPress wp-customer-reviews plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress wp-customer-reviews plugin. An attacker can explo...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References1
Rows per page
Query Builder