Proactive Insights and Support For Open-Source Applications

E-commerce

    25 Feb 2025 Business and Enterprise Solutions
    WooCommerce: Unauthorized Data Access in Support Ticket System plugin

    A medium-severity vulnerability, CVE-2024-13775, was detected in the WooCommerce Support Ticket System plugin for WordPress, versions 17.8 and prior. It allows attackers with Subscriber-level access or higher to delete posts and access user data. To address this issue, users should upgrade the WooCommerce Support Ticket System plugin to version 17.9 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13775.

    12 Feb 2025 Business and Enterprise Solutions
    PrestaShop: Stored XSS Vulnerability in Admin Panel

    A medium-severity vulnerability, CVE-2025-1230, was detected in PrestaShop version 8.1.7. It is a Stored Cross-Site Scripting (XSS) flaw caused by the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter, which could allow a remote user to send a specially crafted query to an authenticated user and steal their session cookie details. Currently, there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1230.

    5 Feb 2025 Business and Enterprise Solutions
    WooCommerce: Unauthenticated Data Access Vulnerability

    A high-severity vulnerability, CVE-2024-13694, was detected in WooCommerce Wishlist versions before 1.8.8. It allows unauthenticated attackers to extract data from wishlists they should not have access to, due to missing validation on a user-controlled key in the download_pdf_file() function. To address this issue, users should upgrade to version 1.8.8 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13694.

    28 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Stored XSS Vulnerability in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin

    A medium-severity vulnerability, CVE-2025-24644, was detected in the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin, versions 4.7.1 and prior. It allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.

    28 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Missing Authorization Vulnerability in WC Product Table Lite Plugin

    A medium-severity vulnerability, CVE-2025-24596, was detected in WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior. It allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade the WooCommerce Product Table Lite WordPress plugin to version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.

    11 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Reflected Cross-Site Scripting Vulnerability in Shipping via Planzer Plugin

    A medium-severity vulnerability, CVE-2024-12337, was detected in the Shipping via Planzer for WooCommerce plugin, versions up to 1.0.25. It allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.

    11 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Unauthorized Data Modification Vulnerability in MIMO Woocommerce Order Tracking Plugin

    A medium-severity vulnerability, CVE-2024-5769, was detected in the MIMO Woocommerce Order Tracking plugin, versions up to 1.0.2. It allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.

    11 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Unauthorized Gift Card Balance Modification Vulnerability in Ultimate Gift Cards Plugin

    A high-severity vulnerability, CVE-2024-11423, was detected in the Ultimate Gift Cards for WooCommerce plugin, versions up to 2.9.1. It allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.

    10 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Reflected Cross-Site Scripting via ‘dvsfw_bulk_label_url’ Parameter in Deliver via Shipos for WooCommerce plugin

    A medium-severity vulnerability, CVE-2024-12222, was detected in the Deliver via Shipos for WooCommerce plugin, versions up to 2.1.7. It allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
