➠ CVE-2022-3923 | ActiveCampaign for WooCommerce Plugin up to 1.9.6 on WordPress Error Log authorization
A vulnerability classified as problematic was found in ActiveCampaign for WooCommerce Plugin up to 1.9.6. This vulnerability affects unknown code of the component Error Log Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2022-3923. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component....
Zur Startseite
➤ Ähnliche Beiträge für 'CVE-2022-3923 | ActiveCampaign for WooCommerce Plugin up to 1.9.6 on WordPress Error Log authorization'
XSS in the class meta-box
vom 4492.98 Punkte
The customer note in the meta-box is not adequately escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2
XSS in meta box order data
vom 4458.33 Punkte
Some variables are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 2.2.0
WooCommerce 2.2.0-RC1
WooCommerce 2.2.1
XSS in WC-Cart
vom 4342.83 Punkte
The WC-cart is not properly sanitized to prevent object injection.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Path traversal in admin importers
vom 3915.48 Punkte
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks.
This vulnerability affects the following application versions:
WooCommerce 2.3.0
WooCommerce 2.3.0-RC1
SQL injection in the taxes API
vom 3730.68 Punkte
The API taxes are not properly escaped to prevent an SQL injection.
This vulnerability affects the following application versions:
WooCommerce 2.5.0
WooCommerce 2.5.0-RC1
WooCommerce 2.5.0-RC2
XSS in metabox customer note field
vom 3499.67 Punkte
Some variables in the customer note field are not properly escaped to prevent an XSS attack.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.1
WooCommerce 3.3
Incorrect permissions at the REST API endpoint
vom 3083.87 Punkte
The REST API endpoint is not checked properly for permissions.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7
Incorrect permissions at the REST API endpoint
vom 3083.87 Punkte
The REST API endpoint is not checked properly for permissions.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7
Incorrect session handling
vom 2979.92 Punkte
The session is not properly checked if it is expired or belongs to a logged-out user.
This vulnerability affects the following application versions:
WooCommerce 3.3.0
WooCommerce 3.3.0-rc.2
WooCommerce 3.3
Escaping added to templates and classes and usage of absolute paths to prevent XSS
vom 2818.22 Punkte
Several elements and paths weren't properly sanitized against XSS.
This vulnerability affects the following application versions:
WooCommerce 2.1.0
WooCommerce 2.1.0-RC1
WooCommerce 2.1.0-RC2
Permission check for reviews in v1 & v2 REST API
vom 2691.17 Punkte
Missing boolean checks before the permission check can lead having wrong permissions for users
This vulnerability affects the following application versions:
WooCommerce 3.5.0
WooCommerce 3.5.0-beta.1
WooCommerce 3.5
XSS in various modules
vom 2494.82 Punkte
Some addons of WooCommerce are not properly escaped to prevent XSS attacks.
This vulnerability affects the following application versions:
WooCommerce 3.7.0
WooCommerce 3.7.0-beta.1
WooCommerce 3.7.0