CVE-2023-51497 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51497
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.9. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-37872 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37872
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.5. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.8.5. This makes it possible for authenticated attackers, with customer-level access and above, to invoke this function intended for higher-privileged users. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •