Show filters
8,626 Total Results
Displaying 361-370 of 8,626
Sort by:
Attacker Value
Unknown

CVE-2024-55996

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6.
0
0
Attacker Value
Unknown

CVE-2024-55978

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through 1.2.
0
0
Attacker Value
Unknown

CVE-2024-54439

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1.
0
0
Attacker Value
Unknown

CVE-2024-54417

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1.
0
0
Attacker Value
Unknown

CVE-2024-54412

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9.
0
0
Attacker Value
Unknown

CVE-2024-54386

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.
0
0
Attacker Value
Unknown

CVE-2024-54358

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0.
0
0
Attacker Value
Unknown

CVE-2024-37251

Disclosure Date: December 16, 2024 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
0
0
Attacker Value
Unknown

CVE-2024-12448

Disclosure Date: December 14, 2024 (last updated February 27, 2025)
The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54342

Disclosure Date: December 13, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0.
0
0
View More Topics  < Previous  Next >