CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32524 – WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32524
Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. Vulnerabilidad de autorización faltante en Nuggethon Custom Order Statuses for WooCommerce. Este problema afecta a los estados de pedidos personalizados para WooCommerce: desde n/a hasta 1.5.2. The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32511 – WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-32511
Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6. La vulnerabilidad de gestión de privilegios incorrecta en Astoundify Simple Registration para WooCommerce permite la escalada de privilegios. Este problema afecta el registro simple para WooCommerce: desde n/a hasta 1.5.6. The Simple Registration for WooCommerce plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated users to elevate their privileges to that of an administrator. • https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32446 – WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32446
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce.This issue affects Wallet System for WooCommerce: from n/a through 2.5.9. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Swings Wallet System para WooCommerce. Este problema afecta a Wallet System para WooCommerce: desde n/a hasta 2.5.9. The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32434 – WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32434
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce.This issue affects Order Delivery Date for WooCommerce: from n/a through 3.20.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tyche Softwares Order Delivery Date for WooCommerce. Este problema afecta la fecha de entrega del pedido para WooCommerce: desde n/a hasta 3.20.2. The Order Delivery Date for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.21.0. This is due to missing or incorrect nonce validation on the dismiss_notice() function. • https://patchstack.com/database/vulnerability/order-delivery-date-for-woocommerce/wordpress-order-delivery-date-for-woocommerce-plugin-3-20-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32107 – WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32107
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en XLPlugins Finale Lite. Este problema afecta a Finale Lite: desde n/a hasta 2.18.0. The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.18.0. This is due to missing or incorrect nonce validation on the xlo_optin_call() function. • https://patchstack.com/database/vulnerability/finale-woocommerce-sales-countdown-timer-discount/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-18-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •