3 matches found
CVE-2022-0215
The CVE-2022-0215 issue affects three WordPress plugins by XootiX: Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce. Root cause is a Cross-Site Request Forgery (CSRF) vulnerability in the save_settings function within ~/includes/xoo-framework/admin/class-xoo-admin-settings.php,...
CVE-2024-5324
CVE-2024-5324 affects the WordPress plugin Login/Signup Popup (Inline Form + Woocommerce). Versions 2.7.1–2.7.2 lack a capability check in import_settings, allowing authenticated users with Subscriber-level access and above to modify arbitrary options, enabling new user registrations and potentia...
CVE-2024-8724
CVE-2024-8724 affects the WordPress Waitlist Woocommerce (Back in stock notifier) plugin. A reflected XSS exists in all versions up to 2.7.5 due to improper escaping when constructing URLs with add_query_arg, enabling unauthenticated attackers to inject scripts if a user clicks a manipulated link...