CVE-2024-32680 – WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-32680
17 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. ... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-32678 – WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32678
17 Apr 2024 — Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce. This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unau... • https://patchstack.com/database/vulnerability/trackship-for-woocommerce/wordpress-trackship-for-woocommerce-plugin-1-7-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32602 – WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32602
16 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1. ... • https://patchstack.com/database/vulnerability/woocommerce-multilingual/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-3-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32511 – WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-32511
15 Apr 2024 — Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6. The Simple Registration for WooCommerce plugin for WordPress is vulnerable to privilege... • https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment; CWE-269: Improper Privilege Management
CVE-2024-32524 – WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32524
15 Apr 2024 — Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function i... • https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-32434 – WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32434
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce. This issue affects Order Delivery Date for WooCommerce: from n/a through 3.20.2. The Order Delivery Date for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... • https://patchstack.com/database/vulnerability/order-delivery-date-for-woocommerce/wordpress-order-delivery-date-for-woocommerce-plugin-3-20-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-32446 – WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32446
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce. This issue affects Wallet System for WooCommerce: from n/a through 2.5.9. The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorr... • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-32087 – WordPress Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More plugin <= 3.5.7 - Auth. SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2024-32087
11 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google. This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7. The Pr... • https://patchstack.com/database/vulnerability/purple-xmls-google-product-feed-for-woocommerce/wordpress-product-feed-on-woocommerce-for-google-awin-shareasale-bing-and-more-plugin-3-5-7-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-32095 – WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32095
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce. This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9. The MultiParcels Shipping For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.1... • https://patchstack.com/database/vulnerability/multiparcels-shipping-for-woocommerce/wordpress-multiparcels-shipping-for-woocommerce-plugin-1-16-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-32105 – WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32105
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Cro... • https://patchstack.com/database/vulnerability/elex-woocommerce-dynamic-pricing-and-discounts/wordpress-elex-woocommerce-dynamic-pricing-and-discounts-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)