CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24799 – WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24799
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Box Office. Este problema afecta a WooCommerce Box Office: desde n/a hasta 1.2.2. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50850 – WooCommerce Subscriptions < 5.8.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-50850
The WooCommerce Subscriptions plugin for WordPress is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function in versions up to 5.8.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make use of that function. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52224 – WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52224
Missing Authorization vulnerability in Revolut Revolut Gateway for WooCommerce.This issue affects Revolut Gateway for WooCommerce: from n/a through 4.9.7. Vulnerabilidad de autorización faltante en Revolut Revolut Gateway para WooCommerce. Este problema afecta a Revolut Gateway para WooCommerce: desde n/a hasta 4.9.7. The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wc_revolut_clear_records and wc_revolut_onboard_applepay_domain functions in versions up to, and including, 4.9.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear records and trigger applepay onboarding. • https://patchstack.com/database/vulnerability/revolut-gateway-for-woocommerce/wordpress-revolut-gateway-for-woocommerce-plugin-4-9-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52231 – WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2023-52231
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Booster Booster Plus para WooCommerce. Este problema afecta a Booster Plus para WooCommerce: desde n/a antes de 7.1.2. The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). This makes it possible for authenticated attackers, with susbcriber-level access and above, to access arbitrary order information. • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52222 – WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52222
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.2.2. The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.2. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •