CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2023-50850 – WooCommerce Subscriptions < 5.8.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-50850
The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function in versions up to 5.8.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make use of that function. • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35914 – WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce Woo Subscriptions. Este problema afecta a Woo Subscriptions: desde n/a hasta 5.1.2. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown unction in versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to access or modify information by passing in a user-conttrolled parameter. • https://patchstack.com/database/vulnerability/woocommerce-subscriptions/wordpress-woocommerce-subscriptions-plugin-5-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •