Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Unknown

CVE-2025-22710

Disclosure Date: January 21, 2025 (last updated January 22, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0.
0
0
Attacker Value
Unknown

CVE-2023-40327

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0.
0
0
Attacker Value
Unknown

CVE-2024-49687

Disclosure Date: December 31, 2024 (last updated January 02, 2025)
Missing Authorization vulnerability in StoreApps Smart Manager.This issue affects Smart Manager: from n/a through 8.45.0.
0
0
Attacker Value
Unknown

CVE-2023-5663

Disclosure Date: March 13, 2024 (last updated April 01, 2024)
The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
0
0
Attacker Value
Unknown

CVE-2024-0566

Disclosure Date: February 12, 2024 (last updated October 10, 2024)
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-35091

Disclosure Date: July 11, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-40694

Disclosure Date: November 17, 2022 (last updated December 22, 2024)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-36284

Disclosure Date: August 01, 2022 (last updated October 08, 2023)
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25649

Disclosure Date: August 01, 2022 (last updated October 08, 2023)
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-24836

Disclosure Date: December 13, 2021 (last updated October 07, 2023)
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >