CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51497 – WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51497
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. Vulnerabilidad de autorización faltante en Woo WooCommerce Ship to Multiple Addresses. Este problema afecta a WooCommerce Ship to Multiple Addresses: desde n/a hasta 3.8.9. The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51496 – WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51496
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. Vulnerabilidad de autorización faltante en Woo WooCommerce Warranty Requests. Este problema afecta a WooCommerce Warranty Requests: desde n/a hasta 2.2.7. The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51546 – WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-51546
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. Una vulnerabilidad de gestión de privilegios incorrecta en WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Label permite la escalada de privilegios. Este problema afecta a WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: desde n/a hasta 4.2.1. The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to arbitrary options updates via the JSON import functionality in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Shop Manager access and above, to update arbitrary site options. • https://patchstack.com/database/vulnerability/print-invoices-packing-slip-labels-for-woocommerce/wordpress-woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-plugin-4-2-1-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51511 – WordPress Booster Elite for WooCommerce plugin < 7.1.3 - Authenticated Production Creation/Modification Vulnerability
https://notcve.org/view.php?id=CVE-2023-51511
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.3. Vulnerabilidad de autenticación incorrecta en Pluggabl LLC Booster Elite para WooCommerce permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Booster Elite para WooCommerce: desde n/a antes de 7.1.3. The Booster Elite for WooCommerce plugin for WordPress is vulnerable to content injection via an unknown parameter in all versions up to and including 7.1.2 due to insufficient capability checks. This makes it possible for authenticated attackers, with subscriber access and above, to create and edit content using the plugin. • https://patchstack.com/database/vulnerability/booster-elite-for-woocommerce/wordpress-booster-elite-for-woocommerce-plugin-7-1-3-authenticated-production-creation-modification-vulnerability?_s_id=cve • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51499 – WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51499
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. Vulnerabilidad de autorización faltante en WooCommerce WooCommerce Shipping Per Product. Este problema afecta el envío por producto de WooCommerce: desde n/a hasta 2.5.4. The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with customer-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-shipping-per-product/wordpress-woocommerce-shipping-per-product-plugin-2-5-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •