CVE-2023-51357 – WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51357
26 Dec 2023 — Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 6.5.0. The Conversios.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the conversios-productsync/v1/cron-productsync REST API endpoint in versions up to, and including, 6.5.0. This makes it possible for unauthenticated attackers to trigger a product sync. • https://patchstack.com/database/wordpress/plugin/enhanced-e-commerce-for-woocommerce-store/vulnerability/wordpress-track-google-analytics-4-facebook-pixel-conversions-api-via-google-tag-manager-for-woocommerce-plugin-6-5-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-50861 – WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50861
22 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plug... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-49817 – WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-49817
05 Dec 2023 — Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flexible Woocommerce Checkout Field Editor: from n/a through 2.0.1. The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/flexible-woocommerce-checkout-field-editor/vulnerability/wordpress-flexible-woocommerce-checkout-field-editor-plugin-2-0-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-41671 – WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-41671
28 Nov 2023 — Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1. The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenti... • https://patchstack.com/database/wordpress/plugin/woocommerce-abandoned-cart/vulnerability/wordpress-abandoned-cart-lite-for-woocommerce-plugin-5-16-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-6090 – WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6090
27 Nov 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11. The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation ... • https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-48747 – WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-48747
24 Nov 2023 — Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through 7.1.2. The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorize... • https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-2-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-287: Improper Authentication • CWE-862: Missing Authorization
CVE-2023-40334 – WordPress HUSKY – Products Filter for WooCommerce Professional plugin <= 1.3.4.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40334
23 Nov 2023 — Missing Authorization vulnerability in realmag777 HUSKY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HUSKY: from n/a through 1.3.4.2. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys() function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers, with contributor-level access and above,... • https://patchstack.com/database/wordpress/plugin/woocommerce-products-filter/vulnerability/wordpress-husky-products-filter-for-woocommerce-professional-plugin-1-3-4-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-48275 – WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-48275
22 Nov 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews. This issue affects Widgets for Google Reviews: from n/a through 11.0.2. Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation ... • https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-47847 – WordPress PayTR Taksit Tablosu plugin <= 1.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47847
20 Nov 2023 — Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1. The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the paytr_installment_tab_content_ajax function in versions up to, and including, 1.3.1. This makes it possible for unauthenticated att... • https://patchstack.com/database/wordpress/plugin/paytr-taksit-tablosu-woocommerce/vulnerability/wordpress-paytr-taksit-tablosu-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-47698 – WordPress Japanized For WooCommerce plugin <= 2.6.4 - Multiple Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47698
09 Nov 2023 — Missing Authorization vulnerability in Artisan Workshop Japanized For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Japanized For WooCommerce: from n/a through 2.6.4. The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via the REST API in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to per... • https://patchstack.com/database/wordpress/plugin/woocommerce-for-japan/vulnerability/wordpress-japanized-for-woocommerce-plugin-2-6-4-multiple-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization