CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32807 – WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32807
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en Brevo para WooCommerce Sendinblue para WooCommerce. Este problema afecta a Sendinblue para WooCommerce: desde n/a hasta 4.0.17. The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the get_file_contents and delete_attachment functions. • https://patchstack.com/database/vulnerability/woocommerce-sendinblue-newsletter-subscription/wordpress-brevo-for-woocommerce-plugin-4-0-17-arbitrary-file-download-and-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32777 – WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32777
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39. Vulnerabilidad de autorización faltante en BizSwoop de CPF Concepts, LLC Brand BizPrint. Este problema afecta a BizPrint: desde n/a hasta 4.3.39. The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates. • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32835 – WordPress Export and Import Users and Customers plugin <= 2.5.3 - Deserialization of untrusted data vulnerability
https://notcve.org/view.php?id=CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. Vulnerabilidad de deserialización de datos no confiables en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.3. The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32699 – WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32699
Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en YITH YITH WooCommerce Compare. Este problema afecta a YITH WooCommerce Compare: desde n/a hasta 2.37.0. The YITH WooCommerce Compare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.37.0. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/yith-woocommerce-compare/wordpress-yith-woocommerce-compare-plugin-2-37-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32781 – WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32781
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en ThemeHigh Email Customizer para WooCommerce. Este problema afecta al Email Customizer para WooCommerce: desde n/a hasta 2.6.0. The Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.0 via the prepare_preview() function. This makes it possible for unauthenticated attackers to preview emails templates. • https://patchstack.com/database/vulnerability/email-customizer-for-woocommerce/wordpress-email-customizer-for-woocommerce-plugin-2-6-0-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •