➠ CVE-2022-34868 | ЮKassa для WooCommerce Plugin up to 2.3.0 on WordPress Setting access control

A vulnerability was found in ЮKassa для WooCommerce Plugin up to 2.3.0. It has been classified as critical. This affects an unknown part of the component Setting Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2022-34868. It is possible to initiate the attack remotely. There is no exploit available....


➦ Vulnerabilities / Exploits ☆ vuldb.com


➤ Similar posts for 'CVE-2022-34868 | ЮKassa для WooCommerce Plugin up to 2.3.0 on WordPress Setting access control'

XSS in the class meta-box

4183.54 points
The customer note in the meta-box is not adequately escaped to prevent an XSS attack. This vulnerability affects the following application versions: WooCommerce 2.2.0 WooCommerce 2.2.0-RC1 WooCommerce 2.2

XSS in meta box order data

4151.27 points
Some variables are not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WooCommerce 2.2.0 WooCommerce 2.2.0-RC1 WooCommerce 2.2.1

Path traversal in admin importers

3645.81 points
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks. This vulnerability affects the following application versions: WooCommerce 2.3.0 WooCommerce 2.3.0-RC1

SQL injection in the taxes API

3473.74 points
The API taxes are not properly escaped to prevent an SQL injection. This vulnerability affects the following application versions: WooCommerce 2.5.0 WooCommerce 2.5.0-RC1 WooCommerce 2.5.0-RC2

Incorrect session handling

2774.69 points
The session is not properly checked if it is expired or belongs to a logged-out user. This vulnerability affects the following application versions: WooCommerce 3.3.0 WooCommerce 3.3.0-rc.2 WooCommerce 3.3

Escaping added to templates and classes and usage of absolute paths to prevent XSS

2624.12 points
Several elements and paths weren't properly sanitized against XSS. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC1 WooCommerce 2.1.0-RC2

Permission check for reviews in v1 & v2 REST API

2505.82 points
Missing boolean checks before the permission check can lead to users having wrong permissions. This vulnerability affects the following application versions: WooCommerce 3.5.0 WooCommerce 3.5.0-beta.1 WooCommerce 3.5

XSS in various modules

2322.99 points
Some addons of WooCommerce are not properly escaped to prevent XSS attacks. This vulnerability affects the following application versions: WooCommerce 3.7.0 WooCommerce 3.7.0-beta.1 WooCommerce 3.7.0

Added escaping to data linked products to prevent XSS

2236.96 points
Data linked products weren't properly escaped against XSS. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC2 WooCommerce 2.1

Added escaping to several product elements to prevent XSS

1925.07 points
Some of the product elements weren't properly escaped against XSS. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC1 WooCommerce 2.1.0-RC2

Several include elements escaped to prevent XSS

1925.07 points
A range of include elements were not properly escaped to prevent XSS. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC1 WooCommerce 2.1.0-RC2

Added escaping to shop coupon post type to prevent XSS

1892.81 points
Shop coupon wasn't properly escaped against XSS. This vulnerability affects the following application versions: WooCommerce 2.2.0 WooCommerce 2.2.0-RC1 WooCommerce 2.2.1
