Search Results | AttackerKB

219 Total Results

Displaying 81-90 of 219

Attacker Value

Unknown

CVE-2023-35879

Disclosure Date: October 31, 2023 (last updated November 09, 2023)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.

Attacker Value

Unknown

CVE-2023-5745

Disclosure Date: October 25, 2023 (last updated November 03, 2023)

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2023-45072

Disclosure Date: October 18, 2023 (last updated October 25, 2023)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.

Attack Vector: Network Privileges: High User Interaction: Required

Attacker Value

Unknown

CVE-2023-3547

Disclosure Date: September 25, 2023 (last updated October 08, 2023)

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2023-4528

Disclosure Date: September 07, 2023 (last updated October 08, 2023)

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Attack Vector: Network Privileges: High User Interaction: None