Filtered by vendor Woocommerce
Subscribe
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10112 | 1 Woocommerce | 1 Wooframework Branding | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652. | |||||
| CVE-2015-10104 | 1 Woocommerce | 1 Icons For Features | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | |||||
| CVE-2024-9944 | 1 Woocommerce | 1 Woocommerce | 2024-10-17 | N/A | 6.1 MEDIUM |
| The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. | |||||