Filtered by vendor Woocommerce
Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-18834 | 1 Woocommerce | 1 Subscriptions | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. |
CVE-2016-10987 | 1 Woocommerce | 1 Persian Woocommerce Sms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. |
CVE-2019-14978 | 1 Woocommerce | 1 Payu India Payment Gateway | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM | /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. |
CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. |
CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. |
CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. |
CVE-2016-10112 | 1 Woocommerce | 1 Woocommerce | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. |