CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51495 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51495
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51496 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51496
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37870 – WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37870
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.1.9. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.1.9. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with customer-level access and above, to make use of this functionality intended for higher-privileged users. • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22710 – WordPress Return and Warranty Management System for WooCommerce Plugin <= 1.2.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-22710
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. The Return and Warranty Management System for WooCommerce plugin for WordPress is vulnerable to stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wc-return-warrranty/wordpress-return-and-warranty-management-system-for-woocommerce-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •