CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.5. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing a... • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. The WooCommerce PayPal Payments plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicki... • https://patchstack.com/database/vulnerability/woocommerce-paypal-payments/wordpress-woocommerce-paypal-payments-plugin-2-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. The WooCommerce Bulk Stock Management plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.2.33 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. Unauth. • https://patchstack.com/database/vulnerability/woocommerce-bulk-stock-management/wordpress-woocommerce-bulk-stock-management-plugin-2-2-33-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. The WooCommerce Brands plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.49. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on ... • https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-49-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jun 2023 — Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 7.4.0. This is due to insufficient validation in the payment_fields() and javascript_params() functions that do not properly validate order ownership. This makes it possible for unauthenticated attackers to retrieve potentially sensitive data for ord... • https://patchstack.com/articles/unauthenticated-idor-to-pii-disclosure-vulnerability-in-woocommerce-stripe-gateway-plugin?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jun 2023 — Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and includ... • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-payment-gateway-plugin-7-4-0-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2023 — Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3. The Change WooCommerce Add To Cart Button Text plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rexvs_settings_submit AJAX function in versions up to, and including, 1.3. This makes it possible for au... • https://patchstack.com/database/wordpress/plugin/change-woocommerce-add-to-cart-button-text/vulnerability/wordpress-change-woocommerce-add-to-cart-button-text-plugin-1-3-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jun 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. Cross-Site Scripting (XSS) vulnerability in WooCommerce's WooCommerce Box Office plugin affecting versions 1.1.50 and below. Exploiting this vulnerability requires being authenticated with contributor permissions or higher. The WooCommerce Box Office plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.50 ... • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-50-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jun 2023 — Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 1.1.51. This makes it possibl... • https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-1-51-unauthenticated-save-ticket-barcode-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions. The WooCommerce Product Vendors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.76 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a ... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •