CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51497 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51497
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.9. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37872 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37872
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.5. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.8.5. This makes it possible for authenticated attackers, with customer-level access and above, to invoke this function intended for higher-privileged users. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0865 – WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR
https://notcve.org/view.php?id=CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users. The WooCommerce Multiple Customer Addresses & Shipping plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 21.6. This is due to missing protections on the plugin's administrative functions. This makes it possible for subscriber-level attackers to create, delete, view, and update addresses of other users. • https://wpscan.com/vulnerability/e39c0171-ed4a-4143-9a31-c407e3555eec • CWE-639: Authorization Bypass Through User-Controlled Key •