CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50850 – WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50850
17 Jan 2024 — Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function in versions up to 5.8.0. This makes it possible for authenticated attackers, with contributor-level access and a... • https://patchstack.com/database/wordpress/plugin/woocommerce-subscriptions/vulnerability/wordpress-woo-subscriptions-plugin-5-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35914 – WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-35914
19 Jun 2023 — Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce Woo Subscriptions. Este problema afecta a Woo Subscriptions: desde n/a hasta 5.1.2. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown unction in versions... • https://patchstack.com/database/vulnerability/woocommerce-subscriptions/wordpress-woocommerce-subscriptions-plugin-5-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •