CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44030 – WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44030
24 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 8.6. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion.This issue affects Checkout Mestres WP: from n/a through 8.6. The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to Local File Incl... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-8-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51472 – WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51472
27 Dec 2023 — Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. Vulnerabilidad de autenticación incorrecta en Mestres do WP Checkout Mestres WP permite la escalada de privilegios. Este problema afecta a Checkout Mestres WP: desde n/a hasta 7.1.9.7. The Checkout Mestres WP plugin for WordPress is vulnerable to authentication due to a weak password reset functionality in all versions up to, and including, ... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51471 – WordPress Checkout Mestres WP plugin <= 7.1.9.7 - Unauthenticated Arbitrary Options Update vulnerability
https://notcve.org/view.php?id=CVE-2023-51471
27 Dec 2023 — Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. Vulnerabilidad de autenticación incorrecta en Mestres do WP Checkout Mestres WP permite acceder a funcionalidades no restringidas adecuadamente por las ACL. Este problema afecta a Checkout Mestres WP: desde n/a hasta 7.1.9.7. The Checkout Mestres WP plugin for WordPress is vulnerable to unauthorized access... • https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-arbitrary-options-update-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-862: Missing Authorization •