CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50850 – WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50850
17 Jan 2024 — Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function in versions up to 5.8.0. This makes it possible for authenticated attackers, with contributor-level access and a... • https://patchstack.com/database/wordpress/plugin/woocommerce-subscriptions/vulnerability/wordpress-woo-subscriptions-plugin-5-8-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18834 – WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-18834
11 Mar 2019 — Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. Una vulnerabilidad XSS persistente en el plugin WooCommerce Subscriptions versiones anteriores a 2.6.3 para WordPress, permite a atacantes remotos ejecutar JavaScript arbitrario porque los detalles de facturación son manejados inapropiadamente en la función WCS_Admin_Post_Typ... • https://woocommerce.com/products/woocommerce-subscriptions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •