Multidots: Security Vulnerabilities
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-04-22
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-04
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-10-04
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-03
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-06-01
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-06-01
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-05-31
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-05-31
Page 1