CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40561 – Enhanced Ecommerce Google Analytics for WooCommerce
https://notcve.org/view.php?id=CVE-2023-40561
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Enhanced Ecommerce Google Analytics para WooCommerce en versiones <= 3.7.1. The WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-ecommerce-tracking-for-google-and-facebook/wordpress-enhanced-ecommerce-google-analytics-for-woocommerce-plugin-3-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40559 – WordPress WooCommerce Dynamic Pricing and Discount Rules Plugin <= 2.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40559
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Dynamic Pricing and Discount Rules para WooCommerce en versiones <= 2.4.0. The WooCommerce Dynamic Pricing and Discount Rules plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing nonce validation on several functions. This makes it possible for unauthenticated attackers to control the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-conditional-discount-rules-for-checkout/wordpress-dynamic-pricing-and-discount-rules-for-woocommerce-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40212 – WordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-40212
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Product Attachment para WooCommerce en versiones <= 2.1.8. The WooCommerce Product Attachment plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.8. This is due to missing nonce validation on the wcpoa_order_checkout_attachment_save() function. This makes it possible for unauthenticated attackers to save checkout page attachments on the behalf of other users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-product-attachment/wordpress-product-attachment-for-woocommerce-plugin-2-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39159 – WordPress Fraud Prevention For Woocommerce Plugin <= 2.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39159
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Fraud Prevention para Woocommerce en versiones <= 2.1.5. The Woocommerce Blocker Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.5. This is due to missing nonce validation on several of the plugin's functions like wcblu_custom_add_update_options(), wcblu_update_general_settings(), and wcblu_update_rules_settings(). This makes it possible for unauthenticated attackers to invoke this function and update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/wordpress-fraud-prevention-for-woocommerce-plugin-2-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39158 – WordPress Woocommerce Category Banner Management Plugin <= 2.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39158
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dotstore Banner Management para WooCommerce en versiones <= 2.4.2. The Woocommerce Category Banner Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1. This is due to missing nonce validation on the wcbm_save_shop_page_banner_data() function. This makes it possible for unauthenticated attackers to invoke this function and update shop banner page data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/banner-management-for-woocommerce/wordpress-banner-management-for-woocommerce-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •