Vulnerabilities (CVE)

Filtered by vendor Tychesoftwares Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2986 1 Tychesoftwares 1 Abandoned Cart Lite For Woocommerce 2023-06-19 N/A 9.8 CRITICAL
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.
CVE-2020-36696 1 Tychesoftwares 1 Product Input Fields For Woocommerce 2023-06-12 N/A 7.5 HIGH
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
CVE-2022-45367 1 Tychesoftwares 1 Custom Order Numbers For Woocommerce 2023-05-30 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.
CVE-2023-23703 1 Tychesoftwares 1 Arconix Shortcodes 2023-05-23 N/A 5.4 MEDIUM
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.