CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32807 – WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32807
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en Brevo para WooCommerce Sendinblue para WooCommerce. Este problema afecta a Sendinblue para WooCommerce: desde n/a hasta 4.0.17. The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the get_file_contents and delete_attachment functions. • https://patchstack.com/database/vulnerability/woocommerce-sendinblue-newsletter-subscription/wordpress-brevo-for-woocommerce-plugin-4-0-17-arbitrary-file-download-and-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. Vulnerabilidad de deserialización de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32691 – WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32691
Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. Vulnerabilidad de autorización faltante en realmag777 Active Products Tables for WooCommerce. Este problema afecta a las tablas de productos activos para WooCommerce: desde n/a hasta 1.0.6.2. The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_smth() function in all versions up to, and including, 1.0.6.2. • https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32678 – WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32678
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. Vulnerabilidad de autorización faltante en TrackShip TrackShip para WooCommerce. Este problema afecta a TrackShip para WooCommerce: desde n/a hasta 1.7.5. The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/trackship-for-woocommerce/wordpress-trackship-for-woocommerce-plugin-1-7-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32680 – WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-32680
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. Vulnerabilidad de limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal"), control incorrecto de la generación de código ("Inyección de código") en PluginUS HUSKY – Products Filter para WooCommerce (anteriormente WOOF) permite el uso de archivos maliciosos y la inclusión de código. El problema afecta a HUSKY – HUSKY – Products Filter para WooCommerce (anteriormente WOOF): desde n/a hasta 1.3.5.2. The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •