CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-47847 – PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-47847
The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on one of the paytr_installment_tab_content_ajax function in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to update plugin settings. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47681 – WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47681
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. Vulnerabilidad de autorización faltante en QuadLayers WooCommerce Checkout Manager. Este problema afecta a WooCommerce Checkout Manager: desde n/a hasta 7.3.0. The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_order_attachment_upload and ajax_delete_attachment functions hooked via AJAX in versions up to, and including, 7.3.0. This makes it possible for unauthenticated attackers to update arbitrary order attachments and delete them. • https://patchstack.com/database/vulnerability/woocommerce-checkout-manager/wordpress-woocommerce-checkout-manager-plugin-7-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47698 – Japanized For WooCommerce <= 2.6.4 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-47698
The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via REST API function in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as updating the plugin's settings and retrieving information about settings. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47241 – CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-47241
The CoCart – Headless ecommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to make unauthorized use of the unprotected function. • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50899 – Product Catalog Enquiry <= 5.0.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-50899
The Product Catalog Mode For Woocommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to an improper capability check on the catalog_rest_routes_react_module REST endpoints in all versions up to 5.0.3 (exclusive). This makes it possible for unauthenticated attackers to view data from admin tabs and save enquiries. • CWE-862: Missing Authorization •