Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34809

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00369EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50305

Malicious code in bioql PyPI...

6.1CVSS8.6AI score0.00443EPSS
Exploits0References2
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-9710 Malicious code in @yotpo-platform-packages/platform-bridge (npm)

The package @yotpo-platform-packages/platform-bridge was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.4 views

CVE-2024-9356

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS7.4AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.6 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS6.8AI score0.00369EPSS
Exploits1References1
NVD
NVD
added 2024/11/15 6:15 a.m.15 views

CVE-2024-9356

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS0.00443EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 6:15 a.m.2 views

CVE-2024-9356

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS5.9AI score0.00443EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/15 5:30 a.m.17 views

CVE-2024-9356 Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected Cross-Site Scripting

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS0.00443EPSS
Exploits0References3
CVE
CVE
added 2024/11/15 5:30 a.m.67 views

CVE-2024-9356

The CVE CVE-2024-9356 affects the Yotpo: Product & Photo Reviews for WooCommerce WordPress plugin. It enables Reflected Cross-Site Scripting via the yotpo_user_email and yotpo_user_name parameters in all versions up to and including 1.7.8 due to insufficient input sanitization and output escaping...

6.1CVSS7.4AI score0.00443EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/15 5:30 a.m.11 views

CVE-2024-9356 Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.8 - Reflected Cross-Site Scripting

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.4AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.3 views

WordPress plugin Yotpo: Product & Photo Reviews for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS7.7AI score0.00443EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.6 views

PT-2024-39590 · Yotpo · Yotpo: Product & Photo Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress versions up to, and including, 1.7.8 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allo...

6.1CVSS8.6AI score0.00443EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/11/14 9:32 p.m.5 views

WordPress Yotpo plugin <= 1.7.9 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Yotpo versions = 1.7.9...

6.1CVSS6.3AI score0.00443EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/14 12:0 a.m.9 views

WordPress Yotpo Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)

Software Yotpo Type Plugin Vulnerable versions = 1.7.9 Fixed in 1.7.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9356 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 48b331f5954d Credits vgo0 Required privilege...

6.1CVSS6AI score0.00443EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/08/22 3:15 p.m.18 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS0.00369EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS6.6AI score0.00369EPSS
Exploits1References2
OSV
OSV
added 2022/08/22 3:15 p.m.3 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00369EPSS
Exploits1References1
Prion
Prion
added 2022/08/22 3:15 p.m.13 views

Cross site request forgery (csrf)

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

4.3CVSS6.4AI score0.00369EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 3:4 p.m.20 views

CVE-2022-2555 Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.6AI score0.00369EPSS
Exploits1References1
CVE
CVE
added 2022/08/22 3:4 p.m.66 views

CVE-2022-2555

The CVE-2022-2555 entry concerns the Yotpo Reviews for WooCommerce WordPress plugin (versions 2.0.4 and earlier). The root cause is missing nonce validation when updating plugin settings, enabling CSRF where a logged-in admin could change settings. Impact is unauthorized configuration changes; ex...

6.5CVSS6.4AI score0.00369EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder