3 matches found
CVE-2024-35658
CVE-2024-35658: Path Traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows unauthenticated file deletion. Affected: Checkout Field Editor for WooCommerce (Pro) up to version 3.6.2. Root cause: improper limitation of a pathname to restricted directories. Remediati...
CVE-2022-3490
The CVE-2022-3490 entry concerns the WordPress WooCommerce plugin “Checkout Field Editor (Checkout Manager)” and affects versions prior to 1.8.0. The authenticated vulnerability arises from unserializing user input provided via the plugin settings, which an admin/high-privilege user can abuse to ...
CVE-2024-8499
CVE-2024-8499 affects the WordPress plugin “Checkout Field Editor (Checkout Manager) for WooCommerce.” It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the function render_review_request_notice in versions ≤ 2.0.3 due to insufficient input sanitization and output escaping. Exploitat...