Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions.
7.1CVSS
5.9AI Score
0.001EPSS
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
6.1CVSS
5.9AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS.This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.
5.9CVSS
5.9AI Score
0.0004EPSS
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and ...
8.8CVSS
8.8AI Score
0.001EPSS