Customer Reviews for WooCommerce Vulnerability – Improper Authorization via submit_review – CVE-2024-1044 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 3,898,158 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 5.39.0 Affected Versions: <= 5.38.12 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.38.12 Title: Improper Authorization via submit_review Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…

Read More

BEAR Vulnerability– Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Missing Authorization via Several Functions – CVE-2024-24835 | WordPress Plugin Vulnerability Report

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software Slug: woo-bulk-editor Software Status: Active Software Author: realmag777 Software Downloads: 545,399 Active Installs: 30,000 Last Updated: February 8, 2024 Patched Versions: 1.1.4.1 Affected Versions: <= 1.1.4 Vulnerability Details: Name: BEAR <= 1.1.4 Title: Missing Authorization…

Read More

Easy Digital Downloads Vulnerability– Sell Digital Files (eCommerce Store & Payments Made Easy) – Authenticated (Shop Manager+) Stored Cross-Site Scripting – CVE-2024-0659 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,802,741 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 3.2.7 Affected Versions: <= 3.2.6 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.6…

Read More

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: Mihail Barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS…

Read More

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active Software Author: wpovernight Software Downloads: 14,467,174 Active Installs: 300,000 Last Updated: January 12, 2024 Patched Versions: 3.7.6 Affected Versions: <= 3.7.5 Vulnerability Details: Name: PDF Invoices & Packing Slips for WooCommerce <= 3.7.5 Title: Authenticated…

Read More

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: mihail-barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS Score:…

Read More

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 289,194,192 Active Installs: 5,000,000 Last Updated: January 12, 2024 Patched Versions: 8.4.0 Affected Versions: < 8.4.0 Vulnerability Details: Name: WooCommerce < 8.4.0 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: NA CVSS Score: 6.1 Publicly Published: January…

Read More