Search Results | AttackerKB

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2023-34386

Disclosure Date: November 09, 2023 (last updated November 15, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.

Attacker Value

Unknown

CVE-2022-1465

Disclosure Date: May 16, 2022 (last updated October 07, 2023)

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2022-0397

Disclosure Date: March 28, 2022 (last updated October 07, 2023)

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting

Attack Vector: Network Privileges: Low User Interaction: Required

3 Total Results

Displaying 1-3 of 3

Unknown

CVE-2023-34386

Unknown

CVE-2022-1465

Unknown

CVE-2022-0397

Quick Cookie Notification