CVE-2023-27608 – WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-27608
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. Vulnerabilidad de autorización faltante en WP Swings Points and Rewards para WooCommerce. Este problema afecta a Points and Rewards for WooCommerce: desde n/a hasta 1.5.0. The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'wps_wpr_points_update' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to update reward points. • https://patchstack.com/database/vulnerability/points-and-rewards-for-woocommerce/wordpress-points-and-rewards-for-woocommerce-plugin-1-5-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-27607 – WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2023-27607
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. Vulnerabilidad de autorización faltante en WP Swings Points and Rewards para WooCommerce. Este problema afecta a Points and Rewards for WooCommerce: desde n/a hasta 1.5.0. The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.0. This is due to a missing nonce check on the wps_wpr_points_update function. • https://patchstack.com/database/vulnerability/points-and-rewards-for-woocommerce/wordpress-points-and-rewards-for-woocommerce-plugin-1-5-0-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •