Show filters
50 Total Results
Displaying 31-40 of 50
Sort by:
Attacker Value
Unknown
CVE-2023-48778
Disclosure Date: December 18, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
0
Attacker Value
Unknown
CVE-2023-4216
Disclosure Date: September 04, 2023 (last updated October 08, 2023)
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.
0
Attacker Value
Unknown
CVE-2023-30482
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions.
0
Attacker Value
Unknown
CVE-2021-4395
Disclosure Date: July 01, 2023 (last updated October 08, 2023)
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2021-4379
Disclosure Date: June 07, 2023 (last updated October 08, 2023)
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.
0
Attacker Value
Unknown
CVE-2022-46810
Disclosure Date: May 25, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
0
Attacker Value
Unknown
CVE-2022-46812
Disclosure Date: May 25, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
0
Attacker Value
Unknown
CVE-2022-47180
Disclosure Date: May 24, 2023 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.
0
Attacker Value
Unknown
CVE-2023-24404
Disclosure Date: April 23, 2023 (last updated February 24, 2025)
Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions.
0
Attacker Value
Unknown
CVE-2022-46806
Disclosure Date: March 01, 2023 (last updated February 24, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.
0
