CVE-2024-24711 – WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24711
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. Vulnerabilidad de autorización faltante en el seguimiento de conversiones de WooCommerce de weDevs. Este problema afecta al seguimiento de conversiones de WooCommerce: desde n/a hasta 2.0.11. The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcct_install_happy_addons' function in versions up to and including 2.0.11. This makes it possible for authenticated attackers, with subscriber access and above, to install the Happy Elementor Addons plugin. • https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-52217 – WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52217
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. Vulnerabilidad de autorización faltante en weDevs WooCommerce Conversion Tracking. Este problema afecta a WooCommerce Conversion Tracking: desde n/a hasta 2.0.11. The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •