23 matches found
EUVD-2022-34809
Malicious code in bioql PyPI...
EUVD-2024-50305
Malicious code in bioql PyPI...
MAL-2025-9710 Malicious code in @yotpo-platform-packages/platform-bridge (npm)
The package @yotpo-platform-packages/platform-bridge was found to contain malicious code...
CVE-2024-9356
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2024-9356
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-9356
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-9356 Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected Cross-Site Scripting
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-9356
The CVE CVE-2024-9356 affects the Yotpo: Product & Photo Reviews for WooCommerce WordPress plugin. It enables Reflected Cross-Site Scripting via the yotpo_user_email and yotpo_user_name parameters in all versions up to and including 1.7.8 due to insufficient input sanitization and output escaping...
CVE-2024-9356 Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.8 - Reflected Cross-Site Scripting
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpouseremail' and 'yotpousername' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it...
WordPress plugin Yotpo: Product & Photo Reviews for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2024-39590 · Yotpo · Yotpo: Product & Photo Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress versions up to, and including, 1.7.8 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allo...
WordPress Yotpo plugin <= 1.7.9 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Yotpo versions = 1.7.9...
WordPress Yotpo Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS)
Software Yotpo Type Plugin Vulnerable versions = 1.7.9 Fixed in 1.7.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9356 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 48b331f5954d Credits vgo0 Required privilege...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
Cross site request forgery (csrf)
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555 Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555
The CVE-2022-2555 entry concerns the Yotpo Reviews for WooCommerce WordPress plugin (versions 2.0.4 and earlier). The root cause is missing nonce validation when updating plugin settings, enabling CSRF where a logged-in admin could change settings. Impact is unauthorized configuration changes; ex...