CVE-2024-0399 – WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection
https://notcve.org/view.php?id=CVE-2024-0399
The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. El complemento WooCommerce Customers Manager de WordPress anterior a la versión 29.7 no sanitiza ni escapa adecuadamente un parámetro antes de usarlo en una declaración SQL, lo que genera una inyección de SQL explotable por el rol Suscriptor+. The WooCommerce Customers Manager plugin for WordPress is vulnerable to SQL Injection via the 'max_amount_total' parameter in all versions up to, and including, 29.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://github.com/xbz0n/CVE-2024-0399 https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-0881 – Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
https://notcve.org/view.php?id=CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts El complemento Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel de WordPress anterior a 2.2.76 no impide que se muestren publicaciones protegidas con contraseña como resultado de algunas acciones AJAX no autenticadas, lo que permite a usuarios no autenticados leer dichas publicaciones. The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.74 via the post_grid_paginate_ajax_free AJAX endpoint. This makes it possible for unauthenticated attackers to retrieve private and password protected posts that may contain sensitive information. • https://wpscan.com/vulnerability/e460e926-6e9b-4e9f-b908-ba5c9c7fb290 • CWE-284: Improper Access Control •
CVE-2024-2322 – WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-2322
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks. El complemento WooCommerce Cart Abandonment Recovery de WordPress anterior a 1.2.27 no tiene verificación CSRF en sus acciones masivas, lo que podría permitir a los atacantes hacer que los administradores registrados eliminen plantillas de correo electrónico arbitrarias, así como eliminar y cancelar la suscripción de usuarios de pedidos abandonados a través de ataques CSRF. The WooCommerce Cart Abandonment Recovery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete templates or abandoned orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055 • CWE-352: Cross-Site Request Forgery (CSRF) •