CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38702 – WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38702
Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prdd_lite_update_db_check() function in versions up to, and including, 2.7.2. This makes it possible for unauthenticated attackers to reset tracking. • https://patchstack.com/database/vulnerability/product-delivery-date-for-woocommerce-lite/wordpress-product-delivery-date-for-woocommerce-lite-plugin-2-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52210 – Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-52210
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to delete special deliveries. • CWE-862: Missing Authorization •