CVSS: 6.5EPSS: %CPEs: 1EXPL: 0CVE-2023-50899 – Product Catalog Enquiry <= 5.0.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-50899
The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints in all versions up to 5.0.3 (exclusive). This makes it possible for unauthenticated attackers to view data from admin tabs and save enquiries. • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2023-47180 – Finale Lite <= 2.16.0 - Missing Authorization to Content Deletion
https://notcve.org/view.php?id=CVE-2023-47180
The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.16.0. This makes it possible for unauthenticated attackers to delete arbitrary content. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-46635 – YITH WooCommerce Product Add-Ons <= 4.2.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-46635
The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to unauthorized functionality due to a missing capability check on two of its AJAX actions in versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to make use of this functionality and allows them to enable and disable blocks and addons. • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2023-32299 – Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order
https://notcve.org/view.php?id=CVE-2023-32299
The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view sales and order reports. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44999 – WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-44999
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 (exclusive). This is due to missing or incorrect nonce validation on the maybe_handle_redirect function. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •