WooCommerce Checkout Field Editor (Checkout Manager)
by WordPress
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4328 | Cri | 0.64 | 9.8 | 0.04 | Mar 6, 2023 | The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server | ||
| CVE-2022-3490 | Hig | 0.47 | 7.2 | 0.01 | Nov 28, 2022 | The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | ||
| CVE-2024-31262 | Med | 0.35 | 5.4 | 0.00 | Apr 12, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. | ||
| CVE-2024-8499 | Med | 0.31 | 4.7 | 0.00 | Oct 4, 2024 | The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output… |
- risk 0.64cvss 9.8epss 0.04
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server
- risk 0.47cvss 7.2epss 0.01
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.
- risk 0.31cvss 4.7epss 0.00
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output…