Vulnerabilities > Tychesoftwares > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-10226 | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-9703 | Cross-site Scripting vulnerability in Tychesoftwares Arconix Shortcodes The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-04 | CVE-2024-9345 | Cross-site Scripting vulnerability in Tychesoftwares Product Delivery Date for Woocommerce The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. | 6.1 |
| 2024-02-05 | CVE-2024-0678 | Cross-site Scripting vulnerability in Tychesoftwares Order Delivery Date for WP E-Commerce 1.2 The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-01-16 | CVE-2023-0479 | Cross-site Scripting vulnerability in Tychesoftwares Print Invoice & Delivery Notes for Woocommerce The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. | 6.1 |
| 2023-10-16 | CVE-2023-44986 | Cross-site Scripting vulnerability in Tychesoftwares Abandoned Cart Lite for Woocommerce Auth. | 4.8 |
| 2023-10-02 | CVE-2023-41859 | Cross-site Scripting vulnerability in Tychesoftwares Order Delivery Date for WP E-Commerce Auth. | 4.8 |
| 2023-09-25 | CVE-2023-41874 | Cross-site Scripting vulnerability in Tychesoftwares Order Delivery Date for Woocommerce Unauth. | 6.1 |
| 2023-07-12 | CVE-2021-4414 | Unspecified vulnerability in Tychesoftwares Abandoned Cart Lite for Woocommerce The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. | 4.3 |
| 2023-06-22 | CVE-2019-25152 | Unspecified vulnerability in Tychesoftwares products The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. | 6.1 |