CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31098 – WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31098
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. Vulnerabilidad de autorización faltante en Mr.Ebabi New Order Notification for Woocommerce. Este problema afecta la notificación de nuevo pedido para Woocommerce: desde n/a hasta 2.0.2. The New Order Notification for Woocommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/new-order-notification-for-woocommerce/wordpress-new-order-notification-for-woocommerce-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30492 – WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-30492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. Limitación inadecuada de un nombre de ruta a una vulnerabilidad de Restricted Directory ("Path Traversal") en WebToffee Import Export WordPress Users. Este problema afecta a los usuarios de Import Export WordPress: desde n/a hasta 2.5.2. The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with shop manager-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/users-customers-import-export-for-wp-woocommerce/wordpress-export-and-import-users-and-customers-plugin-2-5-2-path-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30462 – WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30462
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). Este problema afecta a HUSKY – Filtro de productos para WooCommerce (anteriormente WOOF): desde n/a hasta 1.3.5.1. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5.1. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30458 – WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30458
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 WOOCS – WooCommerce Currency Switcher. Este problema afecta a WOOCS – WooCommerce Currency Switcher: desde n/a hasta 1.4.1.7. The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1.7. This is due to missing or incorrect nonce validation on the save_etalon() function.. • https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30485 – WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability
https://notcve.org/view.php?id=CVE-2024-30485
Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. Vulnerabilidad de autorización faltante en XLPlugins Finale Lite. Este problema afecta a Finale Lite: desde n/a hasta 2.18.0. The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.18.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. • https://patchstack.com/database/vulnerability/finale-woocommerce-sales-countdown-timer-discount/wordpress-finale-lite-plugin-2-18-0-subscriber-arbitrary-plugin-installation-activation-vulnerability?_s_id=cve • CWE-862: Missing Authorization •