Skip to main content

Return Refund And Exchange For Woocommerce

3 CVEs product

Monthly

CVE-2024-13692 MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft WordPress Authentication Bypass Return Refund And Exchange For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13641 MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft WordPress Information Disclosure Return Refund And Exchange For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-4047 CRITICAL POC Act Now

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Microsoft WordPress Return Refund And Exchange For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
6.2%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft WordPress Authentication Bypass +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Return Refund and Exchange For WooCommerce - Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft WordPress Information Disclosure +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Microsoft +2
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy