CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2023-51355 – WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages
https://notcve.org/view.php?id=CVE-2023-51355
The WC Marketplace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_save_dashpages' function in versions up to, and including, 4.0.23. This makes it possible for unauthenticated attackers to update the plugin's settings. • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51369 – WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-51369
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SysBasics Customize My Account for WooCommerce. Este problema afecta a Customize My Account for WooCommerce: desde n/a hasta 1.8.3. The Customize My Account for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.3. This is due to missing or incorrect nonce validation on the restore_my_account_tabs function. • https://patchstack.com/database/vulnerability/customize-my-account-for-woocommerce/wordpress-customize-my-account-for-woocommerce-plugin-1-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51357 – Conversios.io <= 6.5.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-51357
The Conversios.io plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the conversios-productsync/v1/cron-productsync REST API endpoint in versions up to, and including, 6.5.0. This makes it possible for unauthenticated attackers to trigger a product sync. • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50861 – WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50861
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). Este problema afecta a HUSKY – Products Filter for WooCommerce (formerly WOOF): desde n/a hasta 1.3.4.3. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.4.3. This is due to missing or incorrect nonce validation on several functions in the ext/stat/index.php file. • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49817 – Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-49817
The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • CWE-862: Missing Authorization •