漏洞描述
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Woo Manage Fraud Orders 6.1.7版本及之前版本存在日志信息泄露漏洞,该漏洞源于包含一个敏感信息泄露漏洞。
WordPress plugin Woo Manage Fraud Orders 日志信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- POC wordpress-simple-social-icons-fpd: WordPress Simple Social Icons - Full Path Disclosure
- POC CVE-2022-0188: CMP WordPress < 4.0.19 - Broken Access Control
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-49533: Adobe Experience Manager Forms - Insecure Deserialization
- POC wordpress-wp-env-exposure: WordPress Configuration wp-env - Exposure
- POC wp-wpstatistics-log: WordPress Plugin WP Statistics Error Log Disclosure
- POC wp-a3-lazy-load-top-fpd: WordPress a3 Lazy Load - Full Path Disclosure
- POC wp-breadcrumb-navxt-fpd: WordPress Breadcrumb NavXT - Full Path Disclosure
- POC wp-cf7-data-source-fpd: WordPress Data Source for Contact Form 7 - Full Path Disclosure
- POC wp-header-footer-elementor-fpd: WordPress Header Footer Elementor - Full Path Disclosure
- POC wp-easy-wp-smtp-log-exposure: WordPress Easy WP SMTP - Log Exposure
- WordPress Drag and Drop Multiple File Upload for WooCommerce dnd_codedropz_upload_wc 文件上传漏洞(CVE-2025-4403)
- WordPress Broken Link Notifier /wp-admin/admin-ajax.php blnotifier_blinks 服务器端请求伪造漏洞(CVE-2025-6851)