CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47681 – WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47681
09 Nov 2023 — Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. Vulnerabilidad de autorización faltante en QuadLayers WooCommerce Checkout Manager. Este problema afecta a WooCommerce Checkout Manager: desde n/a hasta 7.3.0. The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_order_attachment_upload and ajax_delete_attachment functions ho... • https://patchstack.com/database/vulnerability/woocommerce-checkout-manager/wordpress-woocommerce-checkout-manager-plugin-7-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47241 – WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47241
07 Nov 2023 — Missing Authorization vulnerability in CoCart Headless, LLC CoCart – Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoCart – Headless ecommerce: from n/a through 3.11.2. The CoCart – Headless ecommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.2. This makes it possible for unauthenticated ... • https://patchstack.com/database/wordpress/plugin/cart-rest-api-for-woocommerce/vulnerability/wordpress-cocart-headless-ecommerce-plugin-3-9-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50899 – WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-50899
03 Nov 2023 — Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2. The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints in all versions u... • https://patchstack.com/database/wordpress/plugin/woocommerce-catalog-enquiry/vulnerability/wordpress-product-catalog-enquiry-for-woocommerce-by-multivendorx-plugin-5-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47180 – WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability
https://notcve.org/view.php?id=CVE-2023-47180
31 Oct 2023 — Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0. The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.16.0. This makes it possible for unauthenticated attackers to delete arbitrary content. • https://patchstack.com/database/wordpress/plugin/finale-woocommerce-sales-countdown-timer-discount/vulnerability/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-16-0-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32299 – WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32299
25 Oct 2023 — Missing Authorization vulnerability in anzia Ni WooCommerce Sales Report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through 3.7.3. The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and ab... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-sales-report/vulnerability/wordpress-ni-woocommerce-sales-report-plugin-3-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46635 – WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-46635
25 Oct 2023 — Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0. The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to unauthorized functionality due to a missing capability check on two of its AJAX actions in versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to make use of this functiona... • https://patchstack.com/database/wordpress/plugin/yith-woocommerce-product-add-ons/vulnerability/wordpress-yith-woocommerce-product-add-ons-plugin-4-2-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44999 – WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-44999
17 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 (exclusive). This ... • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45101 – WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45101
06 Oct 2023 — Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the check_progress and cancel_export functions in versions up to, and including, 5.36.0. This makes it possible for au... • https://patchstack.com/database/wordpress/plugin/customer-reviews-woocommerce/vulnerability/wordpress-customer-reviews-for-woocommerce-plugin-5-36-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45072 – WordPress Order auto complete for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45072
03 Oct 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en Kardi Order auto complete para WooCommerce en versiones <= 1.2.0. The Order auto complete for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.0 due to insufficient input sanitizatio... • https://patchstack.com/database/vulnerability/order-auto-complete-for-woocommerce/wordpress-order-auto-complete-for-woocommerce-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44149 – WordPress Brands for WooCommerce plugin <= 3.8.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-44149
22 Sep 2023 — Missing Authorization vulnerability in BeRocket Brands for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through 3.8.2.2. The Brands for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.8.2.2. This is due to missing capability checks on the clear_cache_ajax, save_order, br_get_products, br_get_brands, and save_all_orders functions hooked via AJAX nopriv actions... • https://patchstack.com/database/wordpress/plugin/brands-for-woocommerce/vulnerability/wordpress-brands-for-woocommerce-plugin-3-8-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •