CVE-2024-33956 – WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33956
30 Apr 2024 — Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capabil... • https://patchstack.com/database/vulnerability/add-fields-to-checkout-page-woocommerce/wordpress-custom-woocommerce-checkout-fields-editor-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-33585 – WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33585
25 Apr 2024 — Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce. This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. The Payment Gateway Based Fees and Discounts for WooCommerce plug... • https://patchstack.com/database/vulnerability/checkout-fees-for-woocommerce/wordpress-payment-gateway-based-fees-and-discounts-for-woocommerce-plugin-2-12-1-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization
CVE-2024-33566 – WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-33566
25 Apr 2024 — Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in a... • https://patchstack.com/database/vulnerability/admin-and-client-message-after-order-for-woocommerce/wordpress-orderconvo-plugin-12-4-unauthenticated-api-access-to-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32781 – WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32781
22 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce. This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. The Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin for WordPress is vu... • https://patchstack.com/database/vulnerability/email-customizer-for-woocommerce/wordpress-email-customizer-for-woocommerce-plugin-2-6-0-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-32807 – WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32807
22 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. • https://patchstack.com/database/vulnerability/woocommerce-sendinblue-newsletter-subscription/wordpress-brevo-for-woocommerce-plugin-4-0-17-arbitrary-file-download-and-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-32699 – WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32699
22 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare. This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. The YITH WooCommerce Compare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.37.0. This is due to missing or incorrect nonce validation on severa... • https://patchstack.com/database/vulnerability/yith-woocommerce-compare/wordpress-yith-woocommerce-compare-plugin-2-37-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-32777 – WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32777
22 Apr 2024 — Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint. This issue affects BizPrint: from n/a through 4.3.39. The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthent... • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32814 – WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32814
22 Apr 2024 — Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1. The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admi... • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
22 Apr 2024 — Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserializ... • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
CVE-2024-32691 – WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32691
19 Apr 2024 — Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce. This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modific... • https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization