CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32814 – WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32814
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1. Vulnerabilidad de autorización faltante en la recogida local avanzada de Zorem para WooCommerce. Este problema afecta a la recogida local avanzada para WooCommerce: desde n/a hasta 1.6.1. The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices_for_alp_pro() function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to dismiss upgrade notices • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-6-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32691 – WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32691
Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. Vulnerabilidad de autorización faltante en realmag777 Active Products Tables for WooCommerce. Este problema afecta a las tablas de productos activos para WooCommerce: desde n/a hasta 1.0.6.2. The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the get_smth() function in all versions up to, and including, 1.0.6.2. • https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32678 – WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32678
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. Vulnerabilidad de autorización faltante en TrackShip TrackShip para WooCommerce. Este problema afecta a TrackShip para WooCommerce: desde n/a hasta 1.7.5. The TrackShip for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/trackship-for-woocommerce/wordpress-trackship-for-woocommerce-plugin-1-7-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32680 – WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-32680
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. Vulnerabilidad de limitación incorrecta de un nombre de ruta a un directorio restringido ("Path Traversal"), control incorrecto de la generación de código ("Inyección de código") en PluginUS HUSKY – Products Filter para WooCommerce (anteriormente WOOF) permite el uso de archivos maliciosos y la inclusión de código. El problema afecta a HUSKY – HUSKY – Products Filter para WooCommerce (anteriormente WOOF): desde n/a hasta 1.3.5.2. The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32602 – WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32602
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.3.1. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en OnTheGoSystems WooCommerce Multilingual & Multicurrency. Este problema afecta a WooCommerce Multilingual & Multicurrency: desde n/a hasta 5.3.3.1. The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.3.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/woocommerce-multilingual/wordpress-woocommerce-multilingual-multicurrency-plugin-5-3-3-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •