➠ CVE-2022-2555 | Yotpo Reviews for WooCommerce Plugin up to 2.0.4 on WordPress Setting cross-site request forgery
A vulnerability was found in Yotpo Reviews for WooCommerce Plugin up to 2.0.4. It has been classified as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-2555. It is possible to launch the attack remotely. There is no exploit available....
Zur Startseite
➤ Ähnliche Beiträge für 'CVE-2022-2555 | Yotpo Reviews for WooCommerce Plugin up to 2.0.4 on WordPress Setting cross-site request forgery'
XSS in the class meta-box
vom 4507.37 Punkte
The customer note in the meta-box is not adequately escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2
XSS in meta box order data
vom 4472.61 Punkte
Some variables are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
XSS in WC-Cart
vom 4356.74 Punkte
The WC-cart is not properly sanitized to prevent object injection.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Path traversal in admin importers
vom 3928.02 Punkte
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks.
This vulnerability affects the following application versions:
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
SQL injection in the taxes API
vom 3742.63 Punkte
The API taxes are not properly escaped to prevent an SQL injection.
This vulnerability affects the following application versions:
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
XSS in metabox customer note field
vom 3510.88 Punkte
Some variables in the customer note field are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3
Incorrect permissions at the REST API endpoint
vom 3093.75 Punkte
The REST API endpoint is not checked properly for permissions.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7
Incorrect permissions at the REST API endpoint
vom 3093.75 Punkte
The REST API endpoint is not checked properly for permissions.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7
Incorrect session handling
vom 2989.47 Punkte
The session is not properly checked if it is expired or belongs to a logged-out user.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3
Escaping added to templates and classes and usage of absolute paths to prevent XSS
vom 2827.25 Punkte
Several elements and paths weren't properly sanitized against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Permission check for reviews in v1 & v2 REST API
vom 2707.45 Punkte
Missing boolean checks before the permission check can lead having wrong permissions for users
This vulnerability affects the following application versions:
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5
XSS in various modules
vom 2502.81 Punkte
Some addons of WooCommerce are not properly escaped to prevent XSS attacks.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0