CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33545 – WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33545
25 Apr 2024 — Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. Vulnerabilidad de autorización faltante en AA-Team WZone. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33547 – WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33547
25 Apr 2024 — Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. Vulnerabilidad de autorización faltante en AA-Team WZone. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WZone plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-site-wide-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33548 – WordPress WZone plugin <= 14.0.10 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33548
25 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en AA-Team WZone permite Reflected XSS. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to Reflected Cros... • https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33549 – WordPress WZone plugin <= 14.0.10 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-33549
25 Apr 2024 — Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10. La vulnerabilidad de gestión de privilegios incorrecta en AA-Team WZone permite la escalada de privilegios. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 14.0.10. This makes it possible for authenticated attacker... • https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-33544 – WordPress WZone plugin <= 14.0.10 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-33544
25 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en AA-Team WZone permite la inyección SQL. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WZone plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 14.0.10 du... • https://github.com/codeb0ss/CVE-2024-33544-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33546 – WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-33546
25 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. La neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en AA-Team WZone permite la inyección SQL. Este problema afecta a WZone: desde n/a hasta 14.0.10. The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to SQL Injection i... • https://patchstack.com/database/vulnerability/woozone/wordpress-wzone-plugin-14-0-10-arbitrary-sql-update-execution-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •