CVE-2016-10923 – Store Toolkit for WooCommerce <= 1.5.7 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-10923
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. El plugin woocommerce-store-toolkit anterior de la versión 1.5.8 para WordPress tiene escalada de privilegios. The Store Toolkit for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.7. This is due to improper privilege management. This makes it possible for authenticated attackers to bypass capability checks. • https://wordpress.org/plugins/woocommerce-store-toolkit/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVE-2016-10935 – WooCommerce – Store Exporter <= 1.8.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2016-10935
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation. El plugin woocommerce-exportador antes de 1.8.4 para WordPress tiene una escalada de privilegios The WooCommerce – Store Exporter plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the woo_ce_admin_init function hooked via 'init' in versions up to, and including 1.8.3. This makes it possible for unauthenticated attackers to perform actions like exporting data that may contain sensitive information. • https://wordpress.org/plugins/woocommerce-exporter/#developers https://wpvulndb.com/vulnerabilities/9825 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2016-10922 – Store Toolkit for WooCommerce <= 1.5.6 - Missing Authorization
https://notcve.org/view.php?id=CVE-2016-10922
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. El plugin woocommerce-store-toolkit anterior de la versión 1.5.7 para WordPress tiene escalada de privilegios. The Store Toolkit for WooCommerce plugin for WordPress is vulnerable to missing authorization checks on the woo_st_admin_init() function in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to gain access to restricted administrative actions and delete several different types of site content. • https://wordpress.org/plugins/woocommerce-store-toolkit/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •