Vulnerabilities > Villatheme

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2022-46806 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.
network
low complexity
villatheme CWE-352
4.3
2022-11-18 CVE-2022-44634 Unspecified vulnerability in Villatheme S2W - Import Shopify to Woocommerce
Auth.
network
low complexity
villatheme
4.9
2022-10-14 CVE-2022-41623 Unspecified vulnerability in Villatheme Dropshipping and Fulfillment for Aliexpress and Woocommerce
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
network
low complexity
villatheme
7.5
2022-04-18 CVE-2022-1037 Server-Side Request Forgery (SSRF) vulnerability in Villatheme Exmage
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs
network
low complexity
villatheme CWE-918
7.2
2022-01-24 CVE-2021-25062 Cross-site Scripting vulnerability in Villatheme Orders Tracking for Woocommerce
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
network
low complexity
villatheme CWE-79
6.1