Show filters
22 Total Results
Displaying 21-22 of 22
Sort by:
Attacker Value
Unknown

CVE-2022-0412

Disclosure Date: February 28, 2022 (last updated February 23, 2025)
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16251

Disclosure Date: October 31, 2019 (last updated November 27, 2024)
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous