CVE-2022-0775 – WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
https://notcve.org/view.php?id=CVE-2022-0775
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment El complemento WooCommerce WordPress anterior a 6.2.1 no tiene una verificación de autorización adecuada al eliminar reseñas, lo que podría permitir a cualquier usuario autenticado, como un suscriptor, eliminar comentarios arbitrarios. The WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an insufficient capability check on the /wc/v2/products/ REST API in versions up to, and including, 6.2.0. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to delete, edit, and read arbitrary comments and reviews. • https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix https://plugins.trac.wordpress.org/changeset/2683324 https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2021-32790 – Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint
https://notcve.org/view.php?id=CVE-2021-32790
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a patch for this vulnerability. • https://github.com/woocommerce/woocommerce/security/advisories/GHSA-7vx5-x39w-q24g https://woocommerce.com/posts/critical-vulnerability-detected-july-2021 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-24323 – Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled Cuando la opción taxes está habilitada, el campo "Additional tax classes" no es saneado apropiadamente antes de ser devuelto en el panel de administración, permitiendo a usuarios con altos privilegios, tales como el administrador, usar cargas útiles XSS incluso cuando el parámetro unfiltered_html está deshabilitado The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Additional tax classes' field when the tax functionality of WooCommerce is enabled in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-20891
https://notcve.org/view.php?id=CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. WooCommerce versiones anteriores a 3.6.5, cuando maneja las importaciones CSV de productos, presenta un problema de tipo cross-site request forgery (CSRF) con un cross-site scripting (XSS) almacenado resultante (Un ataque de tipo XSS) por medio del archivo includes/admin/importers/class-wc-product-csv-importer-controller.php • https://blog.ripstech.com/2019/woocommerce-csrf-to-stored-xss https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-29156 – WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter
https://notcve.org/view.php?id=CVE-2020-29156
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. El plugin WooCommerce versiones anteriores a 4.7.0 para WordPress, permite a atacantes remotos visualizar el estado de pedidos arbitrarios por medio del parámetro order_id en una acción fetch_order_status • https://github.com/Ko-kn3t/CVE-2020-29156 https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt • CWE-639: Authorization Bypass Through User-Controlled Key •