Filtered by vendor Villatheme
Subscribe
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50831 | 1 Villatheme | 1 Curcy | 2023-12-29 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. | |||||
| CVE-2023-48778 | 1 Villatheme | 1 Product Size Chart For Woocommerce | 2023-12-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5. | |||||
| CVE-2023-4216 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2023-11-07 | N/A | 2.7 LOW |
| The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file. | |||||
| CVE-2022-46806 | 1 Villatheme | 1 Cart All In One For Woocommerce | 2023-11-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | |||||
| CVE-2021-4395 | 1 Villatheme | 1 Abandoned Cart Recovery For Woocommerce | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4379 | 1 Villatheme | 1 Woocommerce Multi Currency | 2023-11-07 | N/A | 6.5 MEDIUM |
| The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices. | |||||
| CVE-2023-30482 | 1 Villatheme | 1 Wpbulky | 2023-08-10 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. | |||||
| CVE-2022-46810 | 1 Villatheme | 1 Thank You Page Customizer For Woocommerce | 2023-06-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | |||||
| CVE-2022-46812 | 1 Villatheme | 1 Thank You Page Customizer For Woocommerce | 2023-05-31 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | |||||
| CVE-2022-44634 | 1 Villatheme | 1 S2w - Import Shopify To Woocommerce | 2022-11-22 | N/A | 4.9 MEDIUM |
| Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. | |||||
| CVE-2022-41623 | 1 Villatheme | 1 Dropshipping And Fulfillment For Aliexpress And Woocommerce | 2022-10-18 | N/A | 7.5 HIGH |
| Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | |||||
| CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2022-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | |||||
| CVE-2021-25062 | 1 Villatheme | 1 Orders Tracking For Woocommerce | 2022-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||