CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31297 – WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability
https://notcve.org/view.php?id=CVE-2024-31297
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. The Wholesale For WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to delete arbitrary posts. • https://patchstack.com/database/vulnerability/woocommerce-wholesale-pricing/wordpress-wholesale-for-woocommerce-plugin-2-3-1-unauthenticated-arbitrary-post-page-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31235 – WordPress Comments Import & Export plugin <= 2.3.5 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31235
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WebToffee WordPress Comments Import & Export. Este problema afecta la importación y exportación de comentarios de WordPress: desde n/a hasta 2.3.5. The WordPress Comments Import & Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.5. This is due to missing or incorrect nonce validation on the do_export() function. • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-comments-import-export-plugin-2-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31100 – WordPress Popup Cart Lite for WooCommerce plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31100
Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Cart Lite for WooCommerce.This issue affects Popup Cart Lite for WooCommerce: from n/a through 1.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Popup Cart Lite for WooCommerce de Festi-Team para WordPress. Este problema afecta a Popup Cart Lite para WooCommerce: desde n/a hasta 1.1. The Popup Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation an unknown function. • https://patchstack.com/database/vulnerability/woocommerce-woocart-popup-lite/wordpress-popup-cart-lite-for-woocommerce-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31109 – WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31109
Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Toastie Studio Woocommerce Social Media Share Buttons permite almacenar XSS. Este problema afecta a los botones para compartir en redes sociales de WooCommerce: desde n/a hasta 1.3.0. The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/woocommerce-social-media-share-buttons/wordpress-woocommerce-social-media-share-buttons-plugin-1-3-0-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30511 – WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-30511
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. Inserción de información confidencial en la vulnerabilidad del archivo de registro en Frédéric GILLES FG PrestaShop a WooCommerce. Este problema afecta a FG PrestaShop a WooCommerce: desde n/a hasta 4.45.1. The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.45.1. This makes it possible for unauthenticated attackers to view data in log files. • https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-45-1-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •