
CVE-2024-7027 – WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor
https://notcve.org/view.php?id=CVE-2024-7027
23 Jul 2024 — The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification of the user supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user ID. • https://codecanyon.net/item/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin/7392046 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2024-6635 – WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-6635
19 Jul 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the user's email. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2024-6636 – WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-6636
19 Jul 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-862: Missing Authorization

CVE-2024-6637 – WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password
https://notcve.org/view.php?id=CVE-2024-6637
19 Jul 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the user's email. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-305: Authentication Bypass by Primary Weakness

CVE-2024-5868 – WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness
https://notcve.org/view.php?id=CVE-2024-5868
14 Jun 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to email verification bypass in all versions up to, and including, 2.6.2 due to the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification. • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-330: Use of Insufficiently Random Values

CVE-2024-5871 – WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-5871
14 Jun 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the vulnerable 'woo_slg_verify' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve ... • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-502: Deserialization of Untrusted Data