CVE-2023-3547 – All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF
https://notcve.org/view.php?id=CVE-2023-3547
The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. The All in One B2B for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation affecting several actions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/3cfb6696-18ad-4a38-9ca3-992f0b768b78 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-41240 – WordPress Pricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41240
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'vtprd_ajax_clone_rule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone rules. • https://patchstack.com/database/vulnerability/pricing-deals-for-woocommerce/wordpress-pricing-deals-for-woocommercepricing-deals-for-woocommerce-plugin-2-0-3-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-40326 – Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'
https://notcve.org/view.php?id=CVE-2023-40326
The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_resync_request() function called via an AJAX action in versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a sync request. • CWE-862: Missing Authorization
CVE-2023-40327 – Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete'
https://notcve.org/view.php?id=CVE-2023-40327
The Putler Connector for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the putler_connector_sync_complete() function in versions up to, and including, 2.12.0. This makes it possible for unauthenticated attackers to delete the putler_connector_resync transient value. • CWE-862: Missing Authorization
CVE-2022-47168 – Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2022-47168
The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to call the unprotected function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-862: Missing Authorization