CVE-2024-29888

MEDIUM Year: 2024
CVSS v3 Score
4.2
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.

Related Vulnerabilities

CVE-2023-1936

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, wh...

CWE-3592023

CVE-2023-26041

MEDIUM
CVSS:4.3(Medium)

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they w...

CWE-3592023

CVE-2023-34085

MEDIUM
CVSS:4.3(Medium)

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request

CWE-3592023

CVE-2024-13215

MEDIUM
CVSS:4.3(Medium)

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets...

CWE-3592024

CVE-2024-13216

MEDIUM
CVSS:4.3(Medium)

The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function i...

CWE-3592024

CVE-2024-13217

MEDIUM
CVSS:4.3(Medium)

The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes...

CWE-3592024