CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41803 – WordPress BitPay Checkout for WooCommerce plugin <= 4.1.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41803
05 Sep 2023 — Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0. The BitPay Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized ... • https://patchstack.com/database/wordpress/plugin/bitpay-checkout-for-woocommerce/vulnerability/wordpress-bitpay-checkout-for-woocommerce-plugin-4-1-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4703 – All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-4703
04 Sep 2023 — The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation. El complemento de WordPress All in One B2B para WooCommerce hasta la versión 1.0.3 no valida correctamente los parámetros al actualizar los detalles del usuario, lo que permite a un atacante no autenticado actualizar los detalles de cualq... • https://wpscan.com/vulnerability/83278bbb-90e6-4465-a46d-60b4c703c11a • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3547 – All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF
https://notcve.org/view.php?id=CVE-2023-3547
04 Sep 2023 — The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. El complemento de WordPress All in One B2B para WooCommerce hasta la versión 1.0.3 no verifica correctamente los valores nonce en varias acciones, lo que permite a un atacante realizar ataques CSRF. The All in One B2B for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. Thi... • https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41240 – WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41240
29 Aug 2023 — Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. Vulnerabilidad de autorización faltante en Vark Pricing Deals para WooCommerce. Este problema afecta a Pricing Deals para WooCommerce: desde n/a hasta 2.0.3.2. The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, an... • https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40326 – Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'
https://notcve.org/view.php?id=CVE-2023-40326
15 Aug 2023 — The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_resync_request() function called via an AJAX action in versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a sync request. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40327 – WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40327
15 Aug 2023 — Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0. The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the putler_connector_sync_complete() function in versions up to, and including, 2.12.0. This makes it possible for unauthenticated attackers to delete the putler_connector_resync transient value. • https://patchstack.com/database/wordpress/plugin/woocommerce-putler-connector/vulnerability/wordpress-putler-connector-for-woocommerce-plugin-2-12-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47168 – WordPress Printful Integration for WooCommerce plugin <= 2.2.3 - Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47168
11 Aug 2023 — Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3. The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/printful-shipping-for-woocommerce/vulnerability/wordpress-printful-integration-for-woocommerce-plugin-2-2-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35881 – WordPress WooCommerce One Page Checkout plugin <= 2.3.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-35881
10 Aug 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WooCommerce WooCommerce One Page Checkout allows PHP Local File Inclusion.This issue affects WooCommerce One Page Checkout: from n/a through 2.3.0. Limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en WooCommerce WooCommerce One Page Checkout permite la inclusión de archivos locales PHP. Este problema afecta a WooCommerce One Page Checkout: desde n/a hast... • https://patchstack.com/database/vulnerability/woocommerce-one-page-checkout/wordpress-woocommerce-one-page-checkout-plugin-2-3-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36506 – WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36506
10 Aug 2023 — Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0. The YITH WooCommerce Waiting List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on the 'save_mail_status' function. This makes it possible for unauthenticated attackers to enable... • https://patchstack.com/database/wordpress/plugin/yith-woocommerce-waiting-list/vulnerability/wordpress-yith-woocommerce-waitlist-plugin-2-6-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37989 – WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-37989
17 Jul 2023 — Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0. The Easyship WooCommerce Shipping Rates plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 0.8.9. This makes it possible for authenticated attackers... • https://patchstack.com/database/wordpress/plugin/easyship-woocommerce-shipping-rates/vulnerability/wordpress-easyship-woocommerce-shipping-rates-plugin-0-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •