Filtered by vendor Wpovernight
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9927 | 1 Wpovernight | 1 Woocommerce Order Proposal | 2024-10-25 | N/A | 7.2 HIGH |
| The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators. | |||||
| CVE-2024-22147 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-05 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. | |||||
| CVE-2023-34170 | 1 Wpovernight | 1 Download Quick\/bulk Order Form For Woocommerce | 2024-02-04 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions. | |||||
| CVE-2022-47148 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-04 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | |||||
| CVE-2022-2092 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | |||||
| CVE-2022-2537 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-04 | N/A | 6.1 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. | |||||
| CVE-2021-24991 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | |||||
| CVE-2017-18506 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | |||||