CVE-2023-51497 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51497
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.9. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and in... • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51499 – WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51499
27 Dec 2023 — Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Shipping Per Product. Este problema afecta el envío por producto de WooCommerce: desde n/a hasta 2.5.4. The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5... • https://patchstack.com/database/vulnerability/woocommerce-shipping-per-product/wordpress-woocommerce-shipping-per-product-plugin-2-5-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
27 Dec 2023 — Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugi... • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2023-51546 – WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51546
27 Dec 2023 — Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. Una vulnerabilidad de gestión de privilegios incorrecta en WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Label permite la escalada de privilegios. Este problema afecta a WooCommerce PDF Invoices, Pa... • https://patchstack.com/database/vulnerability/print-invoices-packing-slip-labels-for-woocommerce/wordpress-woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-plugin-4-2-1-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVE-2023-51679 – WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51679
27 Dec 2023 — Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. Vulnerabilidad de autorización faltante en BulkGate BulkGate SMS Plugin for WooCommerce. Este problema afecta a BulkGate SMS Plugin for WooCommerce: desde n/a hasta 3.0.2. The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in vers... • https://patchstack.com/database/vulnerability/woosms-sms-module-for-woocommerce/wordpress-bulkgate-sms-plugin-for-woocommerce-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51692 – WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-51692
27 Dec 2023 — Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. Vulnerabilidad de autorización faltante en CusRev Customer Reviews for WooCommerce. Este problema afecta a las Reseñas de clientes de WooCommerce: desde n/a hasta 5.38.1. The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in the 'CR_Manual' ... • https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51498 – WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51498
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3. Vulnerabilidad de autorización faltante en Woo WooCommerce Canada Post Shipping. Este problema afecta a WooCommerce Canada Post Shipping: desde n/a hasta 2.8.3. The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.8.3. This makes it ... • https://patchstack.com/database/vulnerability/woocommerce-shipping-canada-post/wordpress-woocommerce-canada-post-shipping-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51496 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51496
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.7. This makes it possible for un... • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51355 – WordPress MultiVendorX plugin <= 4.0.23 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51355
26 Dec 2023 — Missing Authorization vulnerability in MultiVendorX WC Marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Marketplace: from n/a through 4.0.23. The WC Marketplace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_save_dashpages' function in versions up to, and including, 4.0.23. This makes it possible for unauthenticated attackers to update the plugin's settings. • https://patchstack.com/database/wordpress/plugin/dc-woocommerce-multi-vendor/vulnerability/wordpress-multivendorx-plugin-4-0-23-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51369 – WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51369
26 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SysBasics Customize My Account for WooCommerce. Este problema afecta a Customize My Account for WooCommerce: desde n/a hasta 1.8.3. The Customize My Account for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.3.... • https://patchstack.com/database/vulnerability/customize-my-account-for-woocommerce/wordpress-customize-my-account-for-woocommerce-plugin-1-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •