CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-49817 – Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-49817
The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2023-41671 – Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions
https://notcve.org/view.php?id=CVE-2023-41671
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notifications, toggle templates, view abandoned cart details, and preview emails. • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6090 – WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6090
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Mollie Mollie Payments para WooCommerce. Este problema afecta a Mollie Payments para WooCommerce: desde n/a hasta 7.3.11. The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48747 – WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-48747
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster for WooCommerce permite acceder a funciones no restringidas adecuadamente por las ACL. Este problema afecta a Booster for WooCommerce: desde n/a hasta 7.1.2. The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcj_product_add_new() function in all versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create and modify products • https://patchstack.com/database/vulnerability/woocommerce-jetpack/wordpress-booster-for-woocommerce-plugin-7-1-2-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40334 – HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Missing Authorization via woof_meta_get_keys()
https://notcve.org/view.php?id=CVE-2023-40334
The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys() function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve meta key values. • CWE-862: Missing Authorization •