CVE-2023-32794 – WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32794
15 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. The WooCommerce Product Add-ons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this... • https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-32746 – WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32746
15 May 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. The WooCommerce Brands plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... • https://patchstack.com/database/vulnerability/woocommerce-brands/wordpress-woocommerce-brands-plugin-1-6-45-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32793 – WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32793
15 May 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. The WooCommerce Pre-Orders plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up ... • https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-2-0-0-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32795 – WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32795
15 May 2023 — Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. The WooCommerce Product Add-ons plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.1.3 via deserialization of untrusted input. This allows authenticated attackers, with shop man... • https://patchstack.com/database/vulnerability/woocommerce-product-addons/wordpress-woocommerce-product-add-ons-plugin-6-1-3-authenticated-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data
CVE-2023-32799 – WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-32799
15 May 2023 — Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to insecure direct object reference in versions up ... • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-3-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-32801 – WordPress WooCommerce Composite Products Plugin <= 8.7.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32801
15 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. The WooCommerce Composite Products plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.7.5 due to insufficient input sanitization and output esca... • https://patchstack.com/database/vulnerability/woocommerce-composite-products/wordpress-woocommerce-composite-products-plugin-8-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32575 – WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32575
12 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. The Product page shipping calculator for WooCommerce plugin for WordPres... • https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-44633 – WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-44633
10 May 2023 — Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. The YITH WooCommerce Gift Cards Premium plugin for WordPress is vulnerable to unauthorized gift card creation due to a missing capability check on one of its functions in versions up... • https://patchstack.com/database/vulnerability/yith-woocommerce-gift-cards-premium/wordpress-yith-woocommerce-gift-cards-premium-plugin-3-23-1-unauth-gift-card-creation-leading-to-stored-xss-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-27607 – WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2023-27607
05 May 2023 — Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.0. This is due to a missing nonce c... • https://patchstack.com/database/vulnerability/points-and-rewards-for-woocommerce/wordpress-points-and-rewards-for-woocommerce-plugin-1-5-0-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization
CVE-2023-27608 – WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-27608
05 May 2023 — Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'wps_wpr_points_update' function in v... • https://patchstack.com/database/vulnerability/points-and-rewards-for-woocommerce/wordpress-points-and-rewards-for-woocommerce-plugin-1-5-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization