
CVSS: 8.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews. This issue affects Widgets for Google Reviews: from n/a through 11.0.2. Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the ~/tabs/feature_request.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the paytr_installment_tab_content_ajax function in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to update plugin settings. • CWE-862: Missing Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager. This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_order_attachment_upload and ajax_delete_attachment functions hooked via AJAX in versions up to, and including, 7.3.0. This makes it possible for unauthenticated attackers to update arbitrary order attachments and delete them. • https://patchstack.com/database/vulnerability/woocommerce-checkout-manager/wordpress-woocommerce-checkout-manager-plugin-7-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via the REST API in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as updating the plugin's settings and retrieving information about settings. • CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The CoCart – Headless ecommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to make unauthorized use of the unprotected function. • CWE-862: Missing Authorization