CVEDB API

Vulnerabilities

Vulnerable Software

Xootix: >> Side Cart Woocommerce >> 1.0.0 Security Vulnerabilities

CVE-2023-28415

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-08-30

CVE-2022-45376

Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions.

CVSS Score

4.3

EPSS Score

0.001

Published

2023-05-22

CVE-2022-0215

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).

CVSS Score

8.8

EPSS Score

0.005

Published

2022-01-18

Page 1

Vulnerabilities

Vulnerable Software

Xootix: >> Side Cart Woocommerce >> 1.0.0 Security Vulnerabilities

Products

Pricing

Contact Us