Show filters
14 Total Results
Displaying 1-10 of 14
Sort by:
Attacker Value
Unknown

CVE-2025-24632

Disclosure Date: January 31, 2025 (last updated January 31, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0.
0
0
Attacker Value
Unknown

CVE-2024-10828

Disclosure Date: November 13, 2024 (last updated November 20, 2024)
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-31266

Disclosure Date: April 25, 2024 (last updated April 25, 2024)
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4.
0
0
Attacker Value
Unknown

CVE-2022-40203

Disclosure Date: January 17, 2024 (last updated January 25, 2024)
Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-43488

Disclosure Date: October 30, 2022 (last updated December 22, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-43491

Disclosure Date: October 30, 2022 (last updated December 22, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-41655

Disclosure Date: October 24, 2022 (last updated December 22, 2024)
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-40128

Disclosure Date: October 20, 2022 (last updated November 21, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-38095

Disclosure Date: September 14, 2022 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-35275

Disclosure Date: August 25, 2022 (last updated November 21, 2024)
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
View More Topics  Next >