
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 5.1.2. This makes it possible for unauthenticated attackers to access or modify information by passing in a user-controlled parameter.
• https://patchstack.com/database/vulnerability/woocommerce-subscriptions/wordpress-woocommerce-subscriptions-plugin-5-1-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve
• CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. The WooCommerce Bookings plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 1.15.78. This is due to insufficient validation of a user-controlled key: the object identifier supplied in the request is used for the lookup without checking that the caller is entitled to that object.
• https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve
• CWE-639: Authorization Bypass Through User-Controlled Key
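The two CWE-639 entries above share one root cause: a request parameter is used directly as the key to load and modify an object, and nothing ties that key to the caller. The following Python model, added here as an illustration and not taken from either plugin, shows the pattern beside a handler that performs the missing checks. The subscription records, user ids and the `manage_woocommerce` capability name are constructed for the example.

```python
"""Illustrative model of CWE-639 (added example, not plugin code): the object
id arrives as a user-controlled key, and the vulnerable handler never asks who
is calling. Store contents, user ids and capability names are constructed."""
from dataclasses import dataclass, replace


class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the object."""


@dataclass(frozen=True)
class Subscription:
    id: int
    owner_id: int   # customer the subscription belongs to
    status: str


def sample_store():
    """Constructed data: two customers (ids 7 and 9), one subscription each."""
    return {
        101: Subscription(101, owner_id=7, status="active"),
        102: Subscription(102, owner_id=9, status="active"),
    }


# Hypothetical capability table standing in for WordPress capabilities.
# User id 0 is the unauthenticated visitor; user 1 is a shop manager.
CAPABILITIES = {7: {"read"}, 9: {"read"}, 1: {"read", "manage_woocommerce"}}


def cancel_vulnerable(store, params, current_user_id):
    """Looks the object up by the request-supplied id and acts on it.
    There is no authentication or ownership check, so user 0 can cancel
    any subscription whose id it can guess."""
    sub = store[int(params["subscription_id"])]
    store[sub.id] = replace(sub, status="cancelled")
    return store[sub.id]


def cancel_fixed(store, params, current_user_id):
    """Same operation with the checks the vulnerable handler lacks: the caller
    must be logged in, and must own the object or hold a management
    capability. Ownership is read from the object actually loaded, never from
    a field the client sent."""
    if current_user_id == 0:
        raise Forbidden("authentication required")
    sub = store.get(int(params["subscription_id"]))
    if sub is None:
        raise KeyError("no such subscription")
    caps = CAPABILITIES.get(current_user_id, set())
    if sub.owner_id != current_user_id and "manage_woocommerce" not in caps:
        raise Forbidden("caller does not own this subscription")
    store[sub.id] = replace(sub, status="cancelled")
    return store[sub.id]


def outcome(handler, store, subscription_id, current_user_id):
    """Run a handler and report 'cancelled', 'forbidden' or 'not-found'."""
    try:
        params = {"subscription_id": str(subscription_id)}
        return handler(store, params, current_user_id).status
    except Forbidden:
        return "forbidden"
    except KeyError:
        return "not-found"


if __name__ == "__main__":
    print(outcome(cancel_vulnerable, sample_store(), 102, 0))  # anonymous caller succeeds
    print(outcome(cancel_fixed, sample_store(), 102, 0))       # rejected
```

In a real WordPress handler the equivalent checks are `is_user_logged_in()`, `current_user_can()` and a comparison against the owner stored on the loaded object; the point of the model is that the capability check alone is not enough, since a logged-in customer with `read` still must not reach another customer's record.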

CVSS: 9.8 | EPSS: 92% | CPEs: 9 | EXPL: 5

An issue in the WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, such as an administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has an affected version of the plugin activated. The plugin is vulnerable to authentication bypass via the determine_current_user_for_platform_checkout function: unauthenticated attackers can impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover. WooCommerce Payments plugin for WordPress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header.
• https://github.com/gbrsh/CVE-2023-28121
• https://github.com/im-hanzou/Mass-CVE-2023-28121
• https://github.com/1337nemojj/CVE-2023-28121
• https://github.com/Jenderal92/WP-CVE-2023-28121
• https://github.com/rio128128/Mass-CVE-2023-28121-kdoec
• https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know
• https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce
• CWE-287: Improper Authentication
• CWE-288: Authentication Bypass Using an Alternate Path or Channel
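The entry above describes a `determine_current_user`-style hook that turned a plain request header into the current user id. The Python model below is an added example, not the plugin's code or its actual fix: it reproduces that flaw, and beside it shows one way an identity assertion from a trusted platform could be accepted only when it carries a fresh HMAC made with a shared secret. Only the `X-WCPAY-PLATFORM-CHECKOUT-USER` header name comes from the advisory; the signature and timestamp header names, the shared secret and the 300-second freshness window are assumptions for the example.

```python
"""Illustrative model (added example, not WooCommerce Payments code) of an
identity taken from an unauthenticated header, next to a variant that only
honours the header when it is authenticated. Secret, extra header names and
the clock skew limit are constructed assumptions."""
import hashlib
import hmac
import time

HEADER = "X-WCPAY-PLATFORM-CHECKOUT-USER"   # header named in the advisory
SIG_HEADER = "X-Example-Signature"          # hypothetical, for the fixed variant
TS_HEADER = "X-Example-Timestamp"           # hypothetical, for the fixed variant
MAX_SKEW = 300                              # seconds a signed assertion stays valid


def determine_current_user_vulnerable(headers, default_user=0):
    """Mirrors the flaw: whoever sets the header becomes that user.
    The header is attacker-controlled on every unauthenticated request."""
    raw = headers.get(HEADER)
    if raw is not None and raw.isdigit() and int(raw) > 0:
        return int(raw)
    return default_user


def sign(user_id, ts, secret):
    """HMAC-SHA256 over the asserted user id and the issue timestamp."""
    msg = f"{user_id}.{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def signed_headers(user_id, ts, secret):
    """What the trusted platform would send: id, timestamp and signature."""
    return {HEADER: str(user_id), TS_HEADER: str(ts), SIG_HEADER: sign(user_id, ts, secret)}


def determine_current_user_fixed(headers, secret, default_user=0, now=None):
    """Accepts the asserted user id only if (a) a timestamp and signature are
    present, (b) the timestamp is within MAX_SKEW of the server clock, and
    (c) the HMAC over (user_id, timestamp) verifies in constant time.
    Anything else falls back to the default (unauthenticated) user."""
    raw = headers.get(HEADER)
    sig = headers.get(SIG_HEADER)
    ts = headers.get(TS_HEADER)
    if raw is None or sig is None or ts is None:
        return default_user
    if not raw.isdigit() or not ts.isdigit() or int(raw) <= 0:
        return default_user
    now = int(time.time()) if now is None else now
    if abs(now - int(ts)) > MAX_SKEW:
        return default_user
    if not hmac.compare_digest(sign(int(raw), int(ts), secret), sig):
        return default_user
    return int(raw)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    forged = {HEADER: "1"}   # what an attacker can send for free
    print(determine_current_user_vulnerable(forged))               # 1: becomes user 1
    print(determine_current_user_fixed(forged, secret))            # 0: rejected
    print(determine_current_user_fixed(signed_headers(1, int(time.time()), secret), secret))
```

Even with the signature in place, the platform holding the secret can still act as any user, so the actions reachable through such a hook should be limited to the checkout flow it exists for rather than the full authenticated surface; the advisory's "perform some actions as the impersonated user ... site takeover" is what happens when that scoping is absent.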

CVSS: 8.8 | EPSS: 10% | CPEs: 31 | EXPL: 2

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin from version 2.5.0 up to, but not including, version 2.5.16. Via a carefully crafted URL, an attacker can reach the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint and cause a read-only SQL query of their choosing to be executed. Patches exist for many versions of this package, starting with version 2.5.16.
• https://github.com/and0x00/CVE-2021-32789
• https://github.com/DonVorrin/CVE-2021-32789
• https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1
• https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp
• https://hackerone.com/reports/1260787
• https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
• https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
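The `taxonomy` value in the entry above is a string that ends up inside a SQL query. The following Python example, added here and not taken from the WooCommerce Blocks code base, models that query against an in-memory SQLite database: the vulnerable form interpolates the taxonomy into the statement, and a constructed read-only `UNION` payload pulls rows from an unrelated table, which is the class of impact the advisory describes. The fixed form checks the taxonomy against the set the site actually has and binds it as a parameter. Table names, columns and rows are constructed to resemble WordPress term tables; the hash value is a placeholder.

```python
"""Illustrative model (added example, not WooCommerce Blocks code) of the
attribute-count query built by string interpolation versus an allow-listed,
parameterised version. Schema, rows and the payload are constructed."""
import sqlite3

# Constructed read-only injection: closes the quoted taxonomy, appends a UNION
# over another table, and comments out whatever follows.
PAYLOAD = "x' UNION SELECT user_login, user_pass FROM users -- "


def setup_db():
    """Constructed schema loosely modelled on wp_term_taxonomy and wp_users."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE term_taxonomy (term_id INTEGER, taxonomy TEXT, count INTEGER);
        CREATE TABLE users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO term_taxonomy VALUES (1, 'pa_color', 3), (2, 'pa_color', 5), (3, 'pa_size', 2);
        INSERT INTO users VALUES (1, 'admin', '$P$Bconstructedhash');
    """)
    return con


def attribute_counts_vulnerable(con, taxonomy):
    """The taxonomy string is spliced straight into the SQL text, so the
    request decides where the query ends and what it reads next."""
    sql = (
        "SELECT term_id, count FROM term_taxonomy "
        f"WHERE taxonomy = '{taxonomy}' ORDER BY term_id"
    )
    return con.execute(sql).fetchall()


def known_taxonomies(con):
    """Allow-list derived from data the site controls, not from the request."""
    return {row[0] for row in con.execute("SELECT DISTINCT taxonomy FROM term_taxonomy")}


def attribute_counts_fixed(con, taxonomy):
    """Two independent defences: reject any taxonomy the site does not have,
    and bind the value as a parameter so it can never be parsed as SQL."""
    if taxonomy not in known_taxonomies(con):
        raise ValueError("unknown taxonomy")
    sql = "SELECT term_id, count FROM term_taxonomy WHERE taxonomy = ? ORDER BY term_id"
    return con.execute(sql, (taxonomy,)).fetchall()


def is_rejected(con, taxonomy):
    """True when the fixed query refuses the value."""
    try:
        attribute_counts_fixed(con, taxonomy)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    con = setup_db()
    print(attribute_counts_vulnerable(con, "pa_color"))   # legitimate counts
    print(attribute_counts_vulnerable(con, PAYLOAD))      # user table leaks
    print(is_rejected(con, PAYLOAD))                      # True
```

In WordPress the binding step corresponds to `$wpdb->prepare()`; the allow-list step matters on its own because a taxonomy name that is later used as an identifier (for example in a table or column position) cannot be protected by value binding alone.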

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files contain the guard code "if (!defined('ABSPATH')) {exit;}", which stops execution when a template is requested directly rather than loaded by WordPress.
• https://www.exploit-db.com/exploits/43196
• https://github.com/fu2x2000/CVE-2017-17058-woo_exploit
• https://github.com/woocommerce/woocommerce/issues/17964
• https://www.exploit-db.com/ghdb/4613
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')