CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52222 – WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52222
05 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.2.2. The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.2. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52231 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52231
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabi... • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52234 – WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52234
05 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Elite para WooCommerce. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.2. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52210 – Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-52210
03 Jan 2024 — The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdd_delete_all_special_delivery() function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to delete special deliveries. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52217 – WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52217
03 Jan 2024 — Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. Vulnerabilidad de autorización faltante en weDevs WooCommerce Conversion Tracking. Este problema afecta a WooCommerce Conversion Tracking: desde n/a hasta 2.0.11. The WooCommerce Conversion Tracking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.11. This makes... • https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52186 – WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52186
29 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a WooCommerce Product Vendors: desde n/a hasta 2.2.2. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.2. This makes it possible for unauthentica... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-2-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52144 – WordPress Product Feed Manager plugin <= 7.3.15 - Directory Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-52144
28 Dec 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15. Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en RexTheme Product Feed Manager. Este problema afecta a Product Feed Manager: desde n/a hasta 7.3.15. The Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces pl... • https://patchstack.com/database/vulnerability/best-woocommerce-feed/wordpress-product-feed-manager-plugin-7-3-15-directory-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51481 – WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51481
27 Dec 2023 — Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. Una vulnerabilidad de gestión de privilegios incorrecta en powerfulwp Local Delivery Drivers para WooCommerce permite la escalada de privilegios. Este problema afecta a Local Delivery Drivers para WooCommerce: desde n/a hasta 1.9.0. The Local Delivery Drivers for WooCommerce plugin for WordPress is vuln... • https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51494 – WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51494
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a los proveedores de productos WooCommerce: desde n/a hasta 2.2.1. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51495 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51495
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.7. This makes it possible fo... • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •