Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through...
8.8CVSS
4.8AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through...
4.3CVSS
4.7AI Score
0.0004EPSS
Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3...
5.9CVSS
4.9AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1...
8.8CVSS
8.7AI Score
0.001EPSS
The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.3AI Score
0.001EPSS
Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above,.....
8.8CVSS
8.2AI Score
0.002EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0...
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization...
8.8CVSS
8.7AI Score
0.001EPSS
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
9.8CVSS
9.2AI Score
0.003EPSS
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to...
7.5CVSS
7.4AI Score
0.003EPSS