CVE-2022-34868 | ЮKassa для WooCommerce Plugin up to 2.3.0 on WordPress Setting access control
A vulnerability was found in ЮKassa для WooCommerce Plugin up to 2.3.0. It has been classified as critical. This affects an unknown part of the component Setting Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2022-34868. It is possible to initiate the attack remotely. There is no exploit available....
The customer note in the meta-box is not adequately escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2
Some variables are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks.
This vulnerability affects the following application versions:
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
The API taxes are not properly escaped to prevent an SQL injection.
This vulnerability affects the following application versions:
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
The session is not properly checked if it is expired or belongs to a logged-out user.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3
Several elements and paths weren't properly sanitized against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Missing boolean checks before the permission check can lead to users having wrong permissions.
This vulnerability affects the following application versions:
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5
Some addons of WooCommerce are not properly escaped to prevent XSS attacks.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0
Data linked products weren't properly escaped against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC2
WooCommerce 2.1
Some of the product elements weren't properly escaped against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
A range of include elements were not properly escaped to prevent XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Shop coupon wasn't properly escaped against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1