Show filters
1,835 Total Results
Displaying 101-110 of 1,835
Sort by:
Attacker Value
Unknown
CVE-2025-24633
Disclosure Date: January 24, 2025 (last updated January 25, 2025)
Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0.
0
Attacker Value
Unknown
CVE-2025-24625
Disclosure Date: January 24, 2025 (last updated January 25, 2025)
Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1.
0
Attacker Value
Unknown
CVE-2025-24596
Disclosure Date: January 24, 2025 (last updated February 12, 2025)
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7.
0
Attacker Value
Unknown
CVE-2025-24594
Disclosure Date: January 24, 2025 (last updated January 25, 2025)
Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7.
0
Attacker Value
Unknown
CVE-2025-23991
Disclosure Date: January 24, 2025 (last updated January 25, 2025)
Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5.
0
Attacker Value
Unknown
CVE-2024-13511
Disclosure Date: January 23, 2025 (last updated February 06, 2025)
The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.
0
Attacker Value
Unknown
CVE-2025-23966
Disclosure Date: January 22, 2025 (last updated January 23, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2.
0
Attacker Value
Unknown
CVE-2025-23495
Disclosure Date: January 22, 2025 (last updated January 23, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Order Search allows Reflected XSS. This issue affects WooCommerce Order Search: from n/a through 1.1.0.
0
Attacker Value
Unknown
CVE-2025-22318
Disclosure Date: January 21, 2025 (last updated January 22, 2025)
Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13.
0
Attacker Value
Unknown
CVE-2024-13519
Disclosure Date: January 18, 2025 (last updated January 18, 2025)
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
0
