
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxCalculateSeveralProducts function in versions up to, and including, 4.1.5. This makes it possible for authenticated attackers with subscriber-level access or higher to obtain advance pricing info.

• https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-5-broken-access-control?_s_id=cve
• CWE-862: Missing Authorization

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.

The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.5. This is due to missing or incorrect nonce validation on several functions related to data migration. This makes it possible for unauthenticated attackers to invoke those functions and update settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-5-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve
• https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.5. This is due to missing or incorrect nonce validation on several functions such as exportCSVBulkRangesAjaxCB(). This makes it possible for unauthenticated attackers to invoke those functions and update and import settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 on WordPress.

The Advanced Dynamic Pricing for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.3. This is due to missing or incorrect nonce validation on the handleSubmitAction function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability
• https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/#developers
• CWE-352: Cross-Site Request Forgery (CSRF)