CVE-2024-38702 – Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-38702
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prdd_lite_update_db_check() function in versions up to, and including, 2.7.2. This makes it possible for unauthenticated attackers to reset tracking. • CWE-862: Missing Authorization •
CVE-2023-52210 – Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-52210
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to delete special deliveries. • CWE-862: Missing Authorization •