CVE-2023-47180 – Finale Lite <= 2.16.0 - Missing Authorization to Content Deletion
https://notcve.org/view.php?id=CVE-2023-47180
The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.16.0. This makes it possible for unauthenticated attackers to delete arbitrary content. • CWE-862: Missing Authorization •
CVE-2023-32299 – Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order
https://notcve.org/view.php?id=CVE-2023-32299
The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view sales and order reports. • CWE-862: Missing Authorization •
CVE-2023-46635 – YITH WooCommerce Product Add-Ons <= 4.2.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-46635
The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to unauthorized functionality due to a missing capability check on two of its AJAX actions in versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to make use of this functionality and allows them to enable and disable blocks and addons. • CWE-862: Missing Authorization •
CVE-2023-44999 – WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-44999
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 7.6.1 (exclusive). This is due to missing or incorrect nonce validation on the maybe_handle_redirect function. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-45101 – Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter
https://notcve.org/view.php?id=CVE-2023-45101
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the check_progress and cancel_export functions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to check the progress of or cancel a reviews export. • CWE-862: Missing Authorization •