CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51679 – WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51679
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. Vulnerabilidad de autorización faltante en BulkGate BulkGate SMS Plugin for WooCommerce. Este problema afecta a BulkGate SMS Plugin for WooCommerce: desde n/a hasta 3.0.2. The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save module settings among other actions. • https://patchstack.com/database/vulnerability/woosms-sms-module-for-woocommerce/wordpress-bulkgate-sms-plugin-for-woocommerce-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51498 – WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51498
Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3. Vulnerabilidad de autorización faltante en Woo WooCommerce Canada Post Shipping. Este problema afecta a WooCommerce Canada Post Shipping: desde n/a hasta 2.8.3. The WooCommerce Canada Post Shipping plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-shipping-canada-post/wordpress-woocommerce-canada-post-shipping-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51494 – WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51494
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a los proveedores de productos WooCommerce: desde n/a hasta 2.2.1. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51495 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51495
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51481 – WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2023-51481
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. Una vulnerabilidad de gestión de privilegios incorrecta en powerfulwp Local Delivery Drivers para WooCommerce permite la escalada de privilegios. Este problema afecta a Local Delivery Drivers para WooCommerce: desde n/a hasta 1.9.0. The Local Delivery Drivers for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'lddfw_edit_driver_service' function in all versions up to, and including, 1.9.0. This makes it possible for unauthenticated attackers to take over driver accounts. • https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •